Integrating OpManager with Service DeskPlus while SDP using 3rd party SSL Certificate
Solution:
For build 12.3.181 and above, SSL enabled ServiceDeskPlus can be integrated directly from UI.
If you choose URL and provide the url of the service you want to trust, you will be prompted to verify and import the fetched certificate. Click Import and it will be added to the trusted sources.
For build 12.3.181 and above, SSL enabled ServiceDeskPlus can be integrated directly from UI.
Importing trusted certificates |
OpManager validates the trusted sources with the help of certificates in OpManager truststore. By default OpManager trusts all major CA signed certs. If a specific certificate or service has to be trusted, the certificate has to be added to this truststore.
Go to Settings
Click on Basic Settings
Choose Security Settings
Go to the Trusted Certificates tab.
Here you have 2 options to import certificates into trusted sources.
- Fetch certificate from a URL reachable from OpManager server
- Directly upload certificates as files or from a keystore/truststore.
If you choose URL and provide the url of the service you want to trust, you will be prompted to verify and import the fetched certificate. Click Import and it will be added to the trusted sources.
If you choose the second option, Certificate/ Trust Store file, then you will have to browse and select the files.
In the below case, certificate crt files are chosen to add to truststore. On clicking import, it will be added to OpManager's truststore.
In case you have a keystore / truststore / pfx of the source you want to trust, browse and choose the appropriate truststore file. Input the password and click Fetch.
You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.
For build numbers below 12.3.181:
Solution:
1. Copy the sdp.keystore file from the SDP installation which is under the sdp\conf folder to OpManagerhome directory.
2. We have to get the keypass and storepass used while generating the sdp.keystore file in Service Desk plus
You can open the file "server.xml" located under "<SDP installed directory>\server\default\deploy\jbossweb-
tomcat50.sar\" and see keypass & storepass , mostly keypass and storepass will be the same.
3. We have to identify the exact alias name used while generating sdp.keystore. You can get that by running this command from the OpManager administrative command prompt.
Execute below command from the OpManager installed directory using command prompt with run as administrator:
\\OpManager>.\jre\bin\keytool -list -v -keystore sdp.keystore
After executing the above command, you will get the alias name from the result.
4. Once you have the alias name, keypass and store pass, replace them in the below command and execute it.(which is the
first part of ssl_servicedesk.bat), this will create a file called sdp_cert.txt
\\OpManager>.\jre\bin\keytool -export -v -rfc -alias <asc> -file sdp_cert.txt -keystore .\conf\sdp.keystore -keypass <sdpsecured> -storepass <sdpsecured>
In the above command, we have to change the alias name(<asc>), keypass value(<sdpsecured>) and storepass value (<sdpsecured>) with the respective alias name, keypass and storepass values.
4.Execute the below command(second part of ssl_servicedesk.bat)
\\OpManager>.\jre\bin\keytool -import -alias SDPSSL -keystore .\conf\OpManager.truststore -file sdp_cert.txt -storepass opmanager -noprompt
Once it is done.
Go to to OpManager\bin directory and open the ssl_servicedesk.bat and do the below changes
Replace this line
%NMS_HOME%\jre\bin\keytool -export -v -rfc -alias asc -file sdp_cert.txt -keystore %NMS_HOME%/conf/sdp.keystore -keypass sdpsecured -storepass sdpsecured
with
%NMS_HOME%\jre\bin\keytool -export -v -rfc -alias <alias name> -file sdp_cert.txt -keystore %NMS_HOME%/conf/sdp.keystore -keypass <keypass value> -storepass <storepass value>
where <alias name>, <keypass value> and <storepass value> is the alias, keypass value and the storepass value that you used in fourth step.
Save the file and restart the OpManager service and verify the integration.
New to ADSelfService Plus?
Related Articles
Third party SSL certificate implementation in OpManager
OpManager integration with SDP using .pfx certificate.
Applying .pfx certificate in SDP does not involve creating keystore file which is required for integration. Please follow the below steps to create a Keystore file. Place the file OpManager.TrustStore and SDP PFX file under the OpManager JRE\bin ...Enabling SSL for opmanager web console using pfx or keystore or truststore
Using a Third party SSL cert in Opmanager 12000 and 12200
1 - Open a command prompt (Run-> cmd) and change directory to %opmanager%\jre\bin 2 - Generate a Keystore file. Execute the following command and provide requested details to create OpManager.truststore file under %opmanager%\conf folder. keytool.exe ...Integrating google maps with OpManager