CA Service Management

  • 1.  Advise SSL Generate https

    Posted Oct 27, 2017 10:24 AM

    Hello Team

    Currently the SDM config type is Tomcat & IIS HTTP server default. I need to configure HTTP to HTTPS. Which method should I follow to configure SSL? Tomcat or IIS?

    Please advise



  • 2.  Re: Advise SSL Generate https

    Posted Oct 27, 2017 10:31 AM

    Hi Aamir,

    If you are going to continue using both IIS and Tomcat (we will ALWAYS use Tomcat for web services and attachments, regardless of whether you also use IIS or not), then you will need to put SSL in place all around. On top of that, to avoid going from SSL to non-SSL URLs, you will also want to set up SSL for any other apps or components integrated with Service Desk, such as Visualizer, Support Automation, xFlow, USS, Elastic Search, etc.

    You will want to get a cert from a trusted cert vendor as self-signed certs will have issues as they are not from a trusted cert authority - and so you would need to have that cert imported into everyone's browser and configured properly for it to work.

    Here are some docs that may help a bit:

    Configuring SSL for Tomcat with CA Service Desk Manager 

    Enable SSL in Tomcat for CA Service Desk Manager using a Self-Signed Certificate 

    How do we import a vendor supplied certificate into Service Desk's Tomcat? 

    Thanks,

    Jon I.



  • 3.  Re: Advise SSL Generate https

    Posted Oct 27, 2017 10:37 AM

    Thanks Jon for your quick response.

    Do you mean that it is necessary to use HTTPS for other integrated apps like USS and xFlow?

    If we go with only SDM using HTTPS, will it affect other apps?

    We have Advanced Availability SDM. So I believe we need to generate SSL only on the BG server and do nothing on the app server? Please advise.



  • 4.  Re: Advise SSL Generate https
    Best Answer

    Posted Oct 27, 2017 10:44 AM

    Hi Aamir,

    Yes, that is correct. Because what happens is that all modern browsers today throw errors when you are on an SSL URL and then try to access a link to a URL that is non-SSL - it's called mixed content and most browsers block it. So for this reason we advise that if you are going to set up SSL, you do it on all applications within the environment that interact, integrate, or are accessed from Service Desk - or any app hitting Service Desk.

    As for Advanced Availability - no, you cannot just do the background server - you need to do ALL servers in the environment.

    SSL is really an all-or-none thing these days. If you do this in a mixed manner, some SSL and some non-SSL, you will face problems and struggle with it - and will end up implementing SSL all around anyway in the end to resolve the issues.

    Jon
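
The mixed-content problem described in the answer above can be checked for before an HTTPS cutover. The following is an added example, not part of the original thread or of CA's documentation: a Python scanner that lists plain-HTTP references on a page served over HTTPS. The hostnames, paths and sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (URL attribute, category). Browsers block "active" mixed content and
# warn about or auto-upgrade "passive"; "navigation" links leave HTTPS.
URL_ATTRS = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "img": ("src", "passive"),
    "a": ("href", "navigation"), "form": ("action", "navigation"),
}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in URL_ATTRS:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # other <link> types (e.g. canonical) are not fetched as styles
        attr, category = URL_ATTRS[tag]
        value = (attrs.get(attr) or "").strip()
        target = urljoin(self.page_url, value)  # resolves relative and // URLs
        if value and urlsplit(target).scheme == "http":
            self.findings.append((category, tag, target))

def find_insecure_references(page_url, html):
    """Return (category, tag, url) for each http:// reference on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only applies to pages served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample: hostnames and paths are placeholders, not real SDM URLs.
SAMPLE_PAGE_URL = "https://sdm.example.com/servicedesk/home"
SAMPLE_HTML = """
<script src="http://sdm.example.com/servicedesk/app.js"></script>
<link rel="stylesheet" href="/servicedesk/site.css">
<img src="//sdm.example.com/servicedesk/logo.png">
<iframe src="http://visualizer.example.com/view"></iframe>
<a href="http://uss.example.com/portal">Self service</a>
<a href="https://xflow.example.com/">xFlow</a>
"""

if __name__ == "__main__":
    for finding in find_insecure_references(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(*finding)
```

Each finding names an integrated application or resource that still needs HTTPS; relative and protocol-relative URLs inherit the page's scheme and are not reported.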