Integrating OpManager with Service DeskPlus while SDP using 3rd party SSL Certificate

Integrating OpManager with Service DeskPlus while SDP using 3rd party SSL Certificate

Solution:

For build 12.3.181 and above, SSL enabled ServiceDeskPlus can be integrated directly from UI.

Importing trusted certificates



OpManager validates the trusted sources with  the help of certificates in OpManager truststore. By default OpManager trusts all major CA signed certs. If a specific certificate or service has to be trusted, the certificate has to be added to this truststore.

Go to Settings
1



Click on Basic Settings
2



Choose Security Settings
3



Go to the Trusted Certificates tab.


trusted-import

Here you have 2 options to import certificates into trusted sources.

  1. Fetch certificate from a URL reachable from OpManager server
  1. Directly upload certificates as files or from a keystore/truststore.

If you choose URL and provide the url of the service you want to trust, you will be prompted to verify and import the fetched certificate. Click Import and it will be added to the trusted sources.



trusted-import-url-1


If you choose the second option, Certificate/ Trust Store file, then you will have to browse and select the files.


trusted-import-cert-store



In the below case, certificate crt files are chosen to add to truststore. On clicking import, it will be added to OpManager's truststore.


trusted-import-cert



In case you have a keystore / truststore / pfx of the source you want to trust, browse and choose the appropriate truststore file. Input the password and click Fetch.
You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.


trusted-import-truststorepng



For build numbers below 12.3.181:


Solution:

1. Copy the sdp.keystore file from the SDP installation which is under the sdp\conf folder to OpManagerhome directory.

2. We have to get the keypass and storepass used  while generating the sdp.keystore file in Service Desk plus

     You can open the file "server.xml" located under "<SDP installed directory>\server\default\deploy\jbossweb-
     tomcat50.sar\" and see   keypass & storepass , mostly keypass and storepass will be the same.

3. We have to identify the exact alias name used while generating sdp.keystore. You can get that by running this command         from the OpManager  administrative command prompt.

     Execute below command from the OpManager installed directory using command prompt with run as administrator:
     \\OpManager>.\jre\bin\keytool -list -v -keystore sdp.keystore 

After executing the above command, you will get the alias name from the result.  

4. Once you have the alias name, keypass and store pass, replace them in the below command and execute it.(which is the 
    first part of ssl_servicedesk.bat), this will create a file called sdp_cert.txt

\\OpManager>.\jre\bin\keytool -export -v -rfc -alias <asc> -file sdp_cert.txt -keystore .\conf\sdp.keystore -keypass <sdpsecured> -storepass <sdpsecured>

In the above command, we have to change the alias name(<asc>), keypass value(<sdpsecured>) and storepass value (<sdpsecured>) with the respective alias name, keypass  and storepass values.

4.Execute the below command(second part of ssl_servicedesk.bat)

\\OpManager>.\jre\bin\keytool -import -alias SDPSSL -keystore .\conf\OpManager.truststore -file sdp_cert.txt -storepass opmanager -noprompt

Once it is done.

Go to to OpManager\bin directory and open the ssl_servicedesk.bat and do the below changes

Replace this line

%NMS_HOME%\jre\bin\keytool -export -v -rfc -alias asc -file sdp_cert.txt -keystore %NMS_HOME%/conf/sdp.keystore -keypass sdpsecured -storepass sdpsecured
 
with

%NMS_HOME%\jre\bin\keytool -export -v -rfc -alias <alias name> -file sdp_cert.txt -keystore %NMS_HOME%/conf/sdp.keystore -keypass <keypass value> -storepass <storepass value>

where <alias name>, <keypass value> and <storepass value> is the alias, keypass value and the storepass value that you used in fourth step.

Save the file and restart the OpManager service and verify the integration.