Error when attaching files in CA Service Desk Manger using SSL: "Unable to connect make sure servlet server is correct and Tomcat is up and running"

Document ID:  TEC1182887
Last Modified Date:  06/16/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Service Desk Manager

Releases

  • CA Service Desk Manager:Release:14.1
  • CA Service Desk Manager:Release:17.0

Components

  • Svc Desk Integration:SDINTE
Problem:

The following error appears when trying to attach files to a ticket in CA Service Desk Manager using IIS with SSL:

"Unable to connect make sure servlet server is correct and Tomcat is up and running."

Environment:
CA Service Desk Manager 14.1 and later All Supported Windows Operating Systems
Cause:

The SSL certificate being used in IIS and Tomcat is different

Resolution:

The SSL certificate in IIS and Tomcat must be the same.

Follow the steps below to export the certificate from IIS and configure in Tomcat:

1. Export the certificate from IIS

IIS 7, 8 and 8.5

  • On the Start menu click Run and then type 'mmc'
  • Click File > Add/Remove Snap-in
  • Click Certificates > Add
  • Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  • Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  • Right-click on the certificate you want to backup and select ALL TASKS > Export.
  • Choose Yes, export the private key and include all certificates in certificate path if possible.
  • Warning: Do not select the delete private key option.
  • Leave the default settings and then enter your password if required.
  • Choose to save the file and then click Finish. You should receive an "export successful" message. The .pfx file is now saved to the location you selected.

IIS 6

  • Open IIS Management Console
  • Go to Start –> Administrative Tools –> Internet Information Services (IIS) Manager
  • Navigate to the site which contains the SSL certificate you want to export
  • Make a right click on the site and choose properties
  • Go to the Directory Security Tab and press the Server Certificate button
  • Click ‘next’ on the welcome screen
  • Select the option ‘Export’ the current certificate to a .pfx file
  • Select a name and location and click next
  • Type in the password for the file and keep it safe
  • Click OK
  • Close out of the wizard.

2. Configure TOMCAT to use the exported SSL certificate:

Make a copy of the file NXROOT\bopcfg\www\CATALINA_BASE\conf\server.xml and then open the file using a text editor.

Locate the following line:

<!--
   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
-->

Change it as follows:

NOTE: be sure to remove the <-- and --> tags that currently comment out the HTTPS/SSL connector for Tomcat and set the appropriate path and password for the SSL certificate.

<Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" clientAuth="false" keystoreFile="C:\keystore\sdm.pfx" keystorePass="YOURPASSWORD" keystoreType="PKCS12" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>

NOTES:

keystoreFile="C:\keystore\sdm.pfx" - should match the location of the exported IIS SSL certificate


keystorePass="YOURPASSSWORD"  - password set for the SSL certificate


ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" - this tag will prevent the error described in TEC1197111.

keystoreType=”PKCS12” - this will allow TOMCAT to understand or interpret the new SSLcertificate from IIS.

sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" - this tag prevents a vulnerability described in TEC1250834.

3. Repeat the same steps on all CA SDM application/secondary servers.

4. Restart CA SDM services

5. Configure CA SDM to use the SSL server URL via ADMINSTRATION TAB->SYSTEM->SERVERS

Additional Information:

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing