CA Service Management


Expired Certificate HTTPS - CA SDM

  • 1.  Expired Certificate HTTPS - CA SDM

    Posted Aug 25, 2016 11:57 AM

    Hey guys!
    The certificate being used by the CA Service Desk Manager server has expired!
    I'm confused; do I need to do all the steps to configure SSL connections again (like in the links below)?

    Configuring SSL for Tomcat with CA Service Desk Manager 

    How to Configure SSL Authentication - CA Service Management - 14.1 - CA Technologies Documentation 
    I imported the new PFX file into IIS and restarted IIS and the SDM Tomcat, but the HTTPS connection is still giving an error.
    Do I need to generate another keystore file?!
    Sorry for the boring question, I've never done this before!! =(



  • 2.  Re: Expired Certificate HTTPS - CA SDM

    Posted Aug 25, 2016 01:19 PM

    Hi Diego,

    You don't need to generate a new keystore; you should be able to simply import the updated cert(s) into the current keystore and recycle Tomcat. If it's easier, you can rename the old keystore, then create a new one, import the new certs into the new keystore, then recycle Tomcat.

    Hope this helps,

    Jon I.



  • 3.  Re: Expired Certificate HTTPS - CA SDM

    Posted Aug 30, 2016 10:27 AM

    Hi John!!

    Many thanks for the reply and sorry for the delay in responding!

    I imported the new certificate into the keystore using the command below, updated some information in the web.xml file and imported the new certificate into the IIS server, but it is still giving an error!! =(

    The import command:

    keytool -importcert -file certificate.cer -keystore keystore.jks 

    In the web.xml I updated the keystore password but did not restart the SDM services.

    To apply the changes, do I need to restart SDM too?



  • 4.  Re: Expired Certificate HTTPS - CA SDM

    Posted Aug 30, 2016 10:33 AM

    HI,

    Yes, this requires a recycle to take effect, or at least a bounce of the Tomcat container.

    /J



  • 5.  Re: Expired Certificate HTTPS - CA SDM

    Posted Aug 30, 2016 05:12 AM

    Hi,

    Did Jon's answer fix your problem?

    Did you still need help there?

    /J



  • 6.  Re: Expired Certificate HTTPS - CA SDM

    Posted Sep 04, 2016 09:38 AM

    Hi guys! Sorry again for the delay in responding. As I said, I can only restart the SDM services on weekends... =(

    Well, I imported the new certificate into the keystore using the command mentioned in this topic but, for some reason, the page cannot be opened; the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" is shown in the browser!

     

    Am I doing something wrong?

    Are there some more steps I need to do to complete this configuration?

    Thanks again for all the help!!!!



  • 7.  Re: Expired Certificate HTTPS - CA SDM

    Broadcom Employee
    Posted Sep 04, 2016 09:42 AM

    Diego,

     

    You may get such an error if HTTPS was not enabled properly (for example, you are trying to use HTTP on the HTTPS port or vice versa through a browser) and/or you do not have the appropriate certificate/private keys in the keystores.

     

    Lastly, make sure you only use "good" ciphers/protocols as documented here: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1197111.aspx

     

    _R
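    The three causes listed in the reply above (plaintext on the TLS port, a keystore without a usable key/certificate, no protocol or cipher in common) each surface as a different client-side error. The probe below is an added example for this page, not CA/Broadcom code: it handshakes with a listener the way a browser does, reports what was negotiated and when the leaf certificate expires, and maps a failed handshake to its likely server-side cause. The host/port arguments and the error-to-cause mapping are the editor's assumptions drawn from this thread; the sample failures are constructed exceptions, not captured from a real server.

```python
"""Probe an HTTPS listener and name a failure the way the browser errors in
this thread do.  Added example, not CA/Broadcom code; host/port are
assumptions and the cause mapping is the editor's reading of the thread."""
import socket
import ssl
from datetime import datetime, timezone


def probe(host, port, timeout=5.0):
    """TLS handshake with host:port.  Returns the negotiated protocol and
    cipher, the leaf certificate's notAfter (only when the chain verified)
    and the verification error text, if any.  Connection and handshake
    failures propagate so classify() can name them."""
    result = {"protocol": None, "cipher": None, "not_after": None, "verify_error": None}
    strict = ssl.create_default_context()            # verifies chain + hostname like a browser
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                strict.wrap_socket(raw, server_hostname=host) as tls:
            result.update(protocol=tls.version(), cipher=tls.cipher()[0],
                          not_after=tls.getpeercert().get("notAfter"))
            return result
    except ssl.SSLCertVerificationError as exc:
        # Expired/untrusted certificate: keep the reason, then retry without
        # verification so we still learn what the server negotiates.
        result["verify_error"] = getattr(exc, "verify_message", None) or str(exc)
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            lax.wrap_socket(raw, server_hostname=host) as tls:
        result.update(protocol=tls.version(), cipher=tls.cipher()[0])
    return result


def classify(exc):
    """Map the exception probe() raised to the likely server-side cause."""
    text = f"{getattr(exc, 'reason', None) or ''} {exc}".upper()
    if isinstance(exc, ConnectionRefusedError):
        return "connection refused: nothing listens on that port (connector missing/not started, or wrong port)"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: host unreachable or a firewall drops the port"
    if isinstance(exc, ssl.SSLCertVerificationError):       # subclass of SSLError: test first
        return "certificate rejected: " + (getattr(exc, "verify_message", None) or str(exc))
    if isinstance(exc, ssl.SSLError):
        if "WRONG_VERSION_NUMBER" in text or "HTTP_REQUEST" in text:
            return ("plaintext answer on the TLS port: SSLEnabled is off or HTTP/HTTPS ports are "
                    "mixed up (browser: ERR_SSL_PROTOCOL_ERROR)")
        if any(k in text for k in ("HANDSHAKE_FAILURE", "NO_PROTOCOLS_AVAILABLE", "UNSUPPORTED_PROTOCOL")):
            return ("no protocol/cipher in common, or the keystore has no usable private key "
                    "(browser: ERR_SSL_VERSION_OR_CIPHER_MISMATCH)")
        return "TLS handshake failed: " + str(exc)
    return "unclassified: " + repr(exc)


def days_until_expiry(not_after, now=None):
    """Whole days until the certificate's notAfter (negative once expired).
    Both arguments take the string form getpeercert() returns, e.g.
    'Sep  4 09:42:00 2016 GMT'; now defaults to the current time."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromtimestamp(ssl.cert_time_to_seconds(now), tz=timezone.utc)
    return int((expiry - now).total_seconds() // 86400)


# Constructed sample failures (not captured from a server) in the shape the
# ssl module raises them, so the classifier can be exercised offline.
SAMPLE_FAILURES = {
    "refused": ConnectionRefusedError(111, "Connection refused"),
    "plaintext": ssl.SSLError(1, "[SSL: WRONG_VERSION_NUMBER] wrong version number"),
    "no_common": ssl.SSLError(1, "[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure"),
    "expired": ssl.SSLCertVerificationError(1, "certificate verify failed: certificate has expired"),
}


def demo_classifications():
    """Classification of each constructed sample failure, keyed by name."""
    return {name: classify(exc) for name, exc in SAMPLE_FAILURES.items()}


def report(host, port):
    """One-line, human-readable outcome of probing host:port."""
    try:
        r = probe(host, port)
    except Exception as exc:
        return f"{host}:{port} -> {classify(exc)}"
    line = f"{host}:{port} -> {r['protocol']} {r['cipher']}"
    if r["verify_error"]:
        return line + f" (chain NOT trusted: {r['verify_error']})"
    return line + f" (certificate expires in {days_until_expiry(r['not_after'])} days)"


if __name__ == "__main__":
    import sys
    print(report(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

    Run it as `python probe.py sdm.example.com 8443` after each change to the connector; a refused connection means nothing bound the port at all (so the connector definition itself is broken), while a handshake alert means Tomcat is listening but cannot find a protocol, cipher, or key it can use.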



  • 8.  Re: Expired Certificate HTTPS - CA SDM

    Posted Sep 04, 2016 09:58 AM

    Many thanks for the reply, Raghu.Rudraraju!

    I unfortunately had passed through this problem a while back and managed to solve it using the information in the link you suggested.

    My server.xml already has the SSL connector parameters, look:



  • 9.  Re: Expired Certificate HTTPS - CA SDM

    Broadcom Employee
    Posted Sep 04, 2016 11:31 AM

    Can you attach the contents of line #49 here? Or you can email the file to me directly too.

     

    _R



  • 10.  Re: Expired Certificate HTTPS - CA SDM

    Posted Sep 04, 2016 04:25 PM

    Hi Raghu.Rudraraju!

    I tried to send you a direct message but could not!! =(

    The entire content of line 49:

     

    <Connector SSLEnabled="true" ciphers=" TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " clientAuth="false" keystoreFile="C:\Certificado\keystore.jks" keystorePass="pass" maxThreads="200" port="443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

     

    Many thanks for helping again, Raghu!!!!!!!



  • 11.  Re: Expired Certificate HTTPS - CA SDM

    Broadcom Employee
    Posted Sep 04, 2016 08:19 PM

    I think you are exposing all TLS protocols. Try adding this, as in the doc:

     

     

    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

     

    See if that helps

     

    _R



  • 12.  Re: Expired Certificate HTTPS - CA SDM

    Posted Sep 04, 2016 10:18 PM

    When I add the code after the <Connector SSLEnabled="true", the page shows me the error ERR_SSL_PROTOCOL_ERROR.

    When I replace the <Connector SSLEnabled="true" with sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2", the error ERR_CONNECTION_REFUSED is presented!!

    My examples:

     

    1° -  <Connector  sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="...

    2° - <Connector SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="...

     

    =(



  • 13.  Re: Expired Certificate HTTPS - CA SDM

    Broadcom Employee
    Posted Sep 06, 2016 09:58 AM

    Sorry that the previous suggestion made it worse Diego.

     

    Do you have a support case already on this matter? I'd be more than happy to join a session to take a stab at this directly.

     

    Thx

    _R



  • 14.  Re: Expired Certificate HTTPS - CA SDM

    Posted Sep 06, 2016 10:38 AM

    Hi Raghu.Rudraraju!!!!

    I just opened the support case as you had suggested!

    The case number is 00500953!!

    Thanx again, Raghu!!!



  • 15.  Re: Expired Certificate HTTPS - CA SDM
    Best Answer

    Broadcom Employee
    Posted Sep 08, 2016 08:52 PM

    This case was resolved.

     

    The Java KeyStore referenced in the HTTPS connector did not contain the right certificate(s). And IIS was going to be used too (on :443).

     

    So we changed Tomcat's server.xml HTTPS connector to use 8443 first. Then we adjusted the keystore to be the wildcard PFX file instead of the Java keystore, like: keystoreFile="C:\PKCS_with_Privatekey.pfx" keystorePass="changeit" keystoreType="PKCS12"

     

     

    That resolved the issue with the browser -> Tomcat SSL URL giving ERR_SSL_PROTOCOL_ERROR.
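    The resolution above comes down to three connector facts: the port must not already belong to IIS, a PFX file must be declared as keystoreType="PKCS12" (Tomcat assumes JKS otherwise), and the keystore must actually hold the key and certificate. The script below is an added example for this page, not CA/Broadcom code: it parses the <Connector> elements of a server.xml and reports those configuration problems, plus the protocol/cipher hardening points a practitioner would check today (these go beyond what the thread recommends and are the editor's own additions). The sample server.xml is constructed from the Connector line posted earlier in the thread; the "after" connector is constructed in the shape of the posted resolution with a placeholder password.

```python
"""Audit the HTTPS <Connector> entries of a Tomcat server.xml for the
problems seen in this thread.  Added example, not CA/Broadcom code; the
rules are the editor's reading of the thread plus current TLS practice."""
import xml.etree.ElementTree as ET

LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PKCS12_SUFFIXES = (".pfx", ".p12")

# Constructed sample: the Connector posted in the thread, wrapped in the
# minimal server.xml structure Tomcat expects.
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector SSLEnabled="true" ciphers=" TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA " clientAuth="false" keystoreFile="C:\Certificado\keystore.jks" keystorePass="pass" maxThreads="200" port="443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
  </Service>
</Server>
"""

# Constructed "after" connector in the shape of the posted resolution (own
# port, PFX declared as PKCS12); protocol/cipher values and the placeholder
# password are this example's additions, not from the thread.
FIXED_CONNECTOR = {
    "SSLEnabled": "true", "port": "8443", "protocol": "HTTP/1.1",
    "scheme": "https", "secure": "true",
    "keystoreFile": r"C:\PKCS_with_Privatekey.pfx", "keystorePass": "REPLACE_ME",
    "keystoreType": "PKCS12",
    "sslEnabledProtocols": "TLSv1.2",
    "ciphers": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}


def audit_connector(attrs, ports_in_use=frozenset()):
    """Return a list of (severity, message) for one Connector's attributes.
    'error' = TLS will not work as intended; 'warn' = hardening advice."""
    findings = []
    # Without SSLEnabled="true" Tomcat serves plain HTTP on the port, no
    # matter how many TLS attributes are present.
    if attrs.get("SSLEnabled", "").lower() != "true":
        findings.append(("error", 'SSLEnabled="true" is missing: connector serves plaintext HTTP'))
    # Two listeners cannot bind the same port (IIS already owned 443 here).
    port = int(attrs.get("port", "0"))
    if port in ports_in_use:
        findings.append(("error", f"port {port} is already used by another service; move Tomcat (e.g. 8443)"))
    # keystoreType defaults to JKS, so a PFX/P12 file must be declared PKCS12.
    ks_file = attrs.get("keystoreFile", "")
    ks_type = attrs.get("keystoreType", "JKS").upper()
    if ks_file.lower().endswith(PKCS12_SUFFIXES) and ks_type != "PKCS12":
        findings.append(("error", f'{ks_file} looks like PKCS#12 but keystoreType is {ks_type}; set keystoreType="PKCS12"'))
    if ks_file.lower().endswith(".jks") and ks_type == "PKCS12":
        findings.append(("error", f"{ks_file} is a JKS file but keystoreType says PKCS12"))
    # Protocol versions: unset means the JVM/Tomcat defaults decide.
    protos = attrs.get("sslEnabledProtocols")
    if protos is None:
        findings.append(("warn", "sslEnabledProtocols not set: JVM/Tomcat defaults decide which TLS versions are offered"))
    else:
        legacy = sorted(LEGACY_PROTOCOLS & {p.strip() for p in protos.split(",")})
        if legacy:
            findings.append(("warn", f"legacy protocols enabled: {', '.join(legacy)} (TLS 1.0/1.1 are deprecated by RFC 8996)"))
    # Cipher list hygiene: entries are trimmed, then checked for AEAD and
    # forward secrecy.
    ciphers = [c.strip() for c in attrs.get("ciphers", "").split(",") if c.strip()]
    if ciphers:
        if not any("_GCM_" in c or "CHACHA20" in c for c in ciphers):
            findings.append(("warn", "no AEAD (GCM/ChaCha20) suite enabled; only CBC suites are offered"))
        static_rsa = [c for c in ciphers if c.startswith("TLS_RSA_WITH_")]
        if static_rsa:
            findings.append(("warn", f"{len(static_rsa)} static-RSA suites offer no forward secrecy"))
    # 'changeit' is the Java default keystore password.
    if attrs.get("keystorePass") == "changeit":
        findings.append(("warn", "keystorePass is the Java default 'changeit'"))
    return findings


def audit_server_xml(xml_text, ports_in_use=frozenset()):
    """Audit every TLS-looking Connector; returns {port: findings}."""
    root = ET.fromstring(xml_text)
    report = {}
    for conn in root.iter("Connector"):
        a = conn.attrib
        if a.get("SSLEnabled", "").lower() == "true" or a.get("scheme") == "https" or "keystoreFile" in a:
            report[a.get("port", "?")] = audit_connector(a, ports_in_use)
    return report


if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE_SERVER_XML, {443}).items():
        for severity, msg in findings:
            print(f"connector :{port} [{severity}] {msg}")
```

    On the thread's own connector the audit flags the port clash with IIS as the blocking error and the missing sslEnabledProtocols, the CBC-only list and the static-RSA suites as warnings; the constructed "after" connector passes clean. Run it against the real server.xml with `ports_in_use` set to whatever IIS binds on that host.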