| Author |
Message |
![[Post New]](/Sysforums/templates/default/images/icon_minipost_new.gif) 25/06/2008 20:12:15
|
Richard
SysAider
Joined: 25/06/2008
Messages: 2
Offline
|
I want to be able to have users connect to SysAid with an SSL certificate and was having trouble finding where to store the certificate and then recofigure tomcat to use the certificate. I am running SysAid on a Windows Server 2003 machine and would appriciate any help anyone could provide me on how to do this.
Thanks,
Richard
SysAid n00b 
|
|
|
29/06/2008 10:06:13
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
Hello Richard.
did you already used our instructions on integrating SysAid with SSL?
If you did, and you are having issues with it, please contact our support and this issue at helpdesk@ilient.com
Best regards
|
Pushing IT forward |
|
|
30/06/2008 03:26:33
|
Obelix
SysAid Wiz
Joined: 12/06/2008
Messages: 903
Offline
|
Got a quick question.
Is it recommended to have SysAid and SSL in the same server ?
|
|
|
30/06/2008 07:57:17
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
I'm not sure i understand your question obelix,
SSL is being integrated into the built-in Tomcat server in SysAid (so it must be on the same server)
In case you are referring to IIS with SSL, you can use it on the same server or another.
|
Pushing IT forward |
|
|
30/06/2008 08:02:29
|
Obelix
SysAid Wiz
Joined: 12/06/2008
Messages: 903
Offline
|
Yes but the only ssl implementation I know of sysaid is when you retrieve mail.
What about remote user accesing the SR ?
|
|
|
08/07/2008 18:00:07
|
Richard
SysAider
Joined: 25/06/2008
Messages: 2
Offline
|
I cannot find the instructions you are referring to on integrating SysAid with SSL. If you could provide me with the link to the document I will definately give it a try.
|
|
|
09/07/2008 04:43:23
|
Joseph Zargari
VP Customer Relations
Joined: 26/03/2006
Messages: 518
Offline
|
Hey Richard,
Here are the instructions. As I understand, you already have a certificate that you wish to put into SysAid (and not create a self-signed certificate). If that's indeed the case, you should read the instructions on Apache Tomcat's site (link below).
To configure SSL encryption (https) for SysAid, you must first create a keystore file (which acts as the certificate). If you wish to use a purchased certificate or just one from your own CA, please consult the guide on Apache's website at http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
To create a keystore file, please use the following command:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
This will create a “.keystore” file in your C:\Documents and Settings\CURRENT-USER\ folder. Please copy this file to your ...\SysAidServer\ folder.
When creating this file, you should use the password "changeit" for both passwords
The next step would be to edit ...\SysAidServer\tomcat\conf\server.xml file. Please add the below text right after the existing <Connector> tag:
<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="443" acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="C:\Program Files\SysAidServer\.keystore"/>
</Connector>
port=”8443” represent the port SysAid will be listening on for secure connections. In this case you will have to use the following URL: https://SERVER-NAME:8443/
After these changes were made, please restart the SysAid Server service and check if SysAid is accessible over a secure connection.
Enjoy!
This message was edited 1 time. Last update was at 09/07/2008 04:45:45
|
|
|
14/07/2008 12:17:20
|
MBeckett
Super SysAider
Joined: 07/07/2008
Messages: 68
Location: England, UK
Offline
|
Richard wrote:I want to be able to have users connect to SysAid with an SSL certificate and was having trouble finding where to store the certificate and then recofigure tomcat to use the certificate. I am running SysAid on a Windows Server 2003 machine and would appriciate any help anyone could provide me on how to do this.
Thanks,
Richard
SysAid n00b
Hello Richard,
I have been through this process myself and although tricky to set up, it can be done.
Joseph has included the instructions on the process to follow but if you're using a third party certificate, you will need to get help (I can help as much as I can as I know the difficulty that can occur).
Obelix wrote: Yes but the only ssl implementation I know of sysaid is when you retrieve mail.
What about remote user accesing the SR ?
Hello Obelix,
Just to let you know, you can have the end users access the Sysaid using SSL Web Redirect as we now have a fully functionally web redirect to SSL when our end users are logging into our portal with a third party certificate.
Any further questions then please let me know.
|
"REEEEBOOOOOOOOOOOOOT!" |
|
|
14/07/2008 22:04:59
|
Obelix
SysAid Wiz
Joined: 12/06/2008
Messages: 903
Offline
|
Yes with Joseph's post I now realize why it didn't work the first time I tried.
I forgot SysAid is a server by itself.
Been tweaking the wrong thing.
|
|
|
16/07/2008 06:41:07
|
MBeckett
Super SysAider
Joined: 07/07/2008
Messages: 68
Location: England, UK
Offline
|
Obelix wrote:Yes with Joseph's post I now realize why it didn't work the first time I tried.
I forgot SysAid is a server by itself.
Been tweaking the wrong thing.
 Well if you get stuck and need help with it, give me a shout.
|
"REEEEBOOOOOOOOOOOOOT!" |
|
|
20/08/2008 16:29:44
|
MacroHelp
SysAider
Joined: 20/08/2008
Messages: 1
Offline
|
I've tried to follow the instructions but when I change the values my server service will no longer restart. My server.xml file also looks different than what's stated on this post. See below:
<Server port="8005" shutdown="SHUTDOWN" debug="0">
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
debug="0"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
debug="0"/>
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Tomcat-Standalone">
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port ? --><Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="80"
minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="443"
acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Define the top level container in our container hierarchy -->
<Engine name="Standalone" defaultHost="localhost" debug="0">
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt"
timestamp="true"/>
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
<!-- Define the default virtual host -->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- Logger shared by all Contexts related to this virtual host. By
default (when using FileLogger), log files are created in the "logs"
directory relative to $CATALINA_HOME. If you wish, you can specify
a different directory with the "directory" attribute. Specify either a
relative (to $CATALINA_HOME) or absolute path to the desired
directory.-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log." suffix=".txt"
timestamp="true"/>
<!-- Tomcat Root Context -->
<Context path="" docBase="../../root" debug="0"/>
</Host>
</Engine>
</Service>
</Server>
|
|
|
21/08/2008 02:14:27
|
shay
SysAid Customer Relations
Joined: 14/04/2008
Messages: 93
Offline
|
Dear Richard
In order to further investigate this issue , please open a service request and send it to :
helpdesk@ilient.com
You mentioned that after changeing the server.XML file ,the SysAid server service stop responding , so please provide us on that service request your logs directory zipped which located at:
...\SysAidServer\root\WEB-INF\logs
As well ,please provide us your wrapper.log which located at :
...\SysAidServer\logs\wrapper.log
...\SysAidServer\tomcat\conf\server.xml
Looking forward to your response .
|
|
|
27/08/2008 11:05:24
|
MBeckett
Super SysAider
Joined: 07/07/2008
Messages: 68
Location: England, UK
Offline
|
Hello Macro,
It would seem to me that there is some code missing from the script you've provided.
I would double check with what we have here and let you know.
Can you please explain exactly what you're trying to do... Just install a third party SSL cert?
Can you please let I know what values you have changed before this stopped working?
|
"REEEEBOOOOOOOOOOOOOT!" |
|
|
21/04/2009 08:55:54
|
OCIO
SysAider
Joined: 16/01/2009
Messages: 38
Offline
|
I tried following these intructions. Everything worked perfectly for my SysAid 6 test server, but when I tried to implement the same procedures on my 5.6.10 SysAid production server it ignores the https and won't find the server but yet it still finds my http non-secure connection. I added the following section after the <connector > tag as stated in the instructions. My server is a windows 2003 server.
Here is my Server.xml:
<Server port="8005" shutdown="SHUTDOWN" debug="0">
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
debug="0"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
debug="0"/>
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Tomcat-Standalone">
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port ? -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="80"
minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="443"
acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false" disableUploadTimeout="true" />
<Connector className="org.apache.catalina.connector.http.HttpConnector" port="443"
minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="443"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="C:\Program Files\SysAidServer\.keystore"/> </Connector>
<!-- Define the top level container in our container hierarchy -->
<Engine name="Standalone" defaultHost="localhost" debug="0">
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt"
timestamp="true"/>
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
<!-- Define the default virtual host -->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- Logger shared by all Contexts related to this virtual host. By
default (when using FileLogger), log files are created in the "logs"
directory relative to $CATALINA_HOME. If you wish, you can specify
a different directory with the "directory" attribute. Specify either a
relative (to $CATALINA_HOME) or absolute path to the desired
directory.-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log." suffix=".txt"
timestamp="true"/>
<!-- Tomcat Root Context -->
<Context path="" docBase="../../root" debug="0"/>
</Host>
</Engine>
</Service>
</Server>
|
|
|
22/04/2009 07:53:20
|
Haim
SysAid Wiz
Joined: 15/04/2008
Messages: 2449
Offline
|
OCIO,
The server.xml looks ok at first sight.
Please try to re-start the SysAid server service, the wait a minute or two and look in the ...\SysAidServer\logs\wrapper.log and copy everything below the last time the "Starting service Tomcat-Standalone" line appear.
This log should show us if the SSL service is started or not.
Haim
|
Pushing IT forward |
|
|
![[Up]](/Sysforums/templates/default/images/icon_up.gif){kind=icon}
