cancel
Showing results for 
Search instead for 
Did you mean: 

Has anyone configured Wily to use the SSL port 6443 successfully?

Former Member
0 Kudos
638

I have been trying to get my Wily configuration to use the secure port 6443. So far, not much luck. I am using all of the https ports for everything else but when I change the Wily port to 6443 in the Diagnostic Setup, Advanced Setup, the status changes from "Enterprise Manager is live and running" to "Connectivity Status could not be checked: All configured Enterprise Managers are offline - check configuration".

I have checked all of the settings in the /usr/sap/ccms/wilyintroscope/confige/IntroscopeEnterpriseManager.properties file and have swapped certificates between the Enterprise Management Console's keystore and my Solution Manager system's PSE. I added the EMC's certificate to the SSL Server Standard, SSL Client (Anonymous) and SSL Client (Standard) sections of the PSE. My current IntroscopeEnterpriseManager.properties file shows the following properties / values for the port 6443:

  1. The secure (SSL) communication channel.

introscope.enterprisemanager.serversocketfactory.channel2=com.wily.isengard.postofficehub.link.net.serve

r.SSLServerSocketFactory

introscope.enterprisemanager.port.channel2=6443

  1. Location of a keystore containing certificates for authenticating the EM to clients.

introscope.enterprisemanager.keystore.channel2=internal/server/keystore

  1. The password for the keystore.

introscope.enterprisemanager.keypassword.channel2=########

  1. Location of a truststore containing trusted client certificates.

introscope.enterprisemanager.truststore.channel2=internal/server/keystore

  1. The password for the truststore

introscope.enterprisemanager.trustpassword.channel2=########

  1. Set to true to require clients to authenticate.

  2. If true, clients must be configured with a keystore containing a certificate trusted by the EM.

introscope.enterprisemanager.needclientauth.channel2=true

If I set the diagnostics setup to port 6001 and then get to the Workstation login view, I can use the port 6443 to properly authenticate after entering my username and password. But I cannot get the system to use the port 6443 automatically.

Anyone seen anything similar or know enough about the SSL port configuration of Wily to give me a hand?

Much appreciation,

Deb Nugent.

Accepted Solutions (0)

Answers (1)

Answers (1)

Vivek_Hegde
Active Contributor
0 Kudos

Hi Deb,

I configured my local EM installation with the default values

(introscope.enterprisemanager.port.channel2=8444) and port 6443 in

em-jetty-config.xml (without creating my own certificate). Doing so

I can launch WebView respectively the Workstation with

http://localhost:8081 and https://localhost:8444.

With the Workstation I now can connect to the EM only with port 6443

instead of 6001.So you may change the port setting in file

IntroscopeEnterpriseManager.properties and give it a try.

Regards

Vivek

Former Member
0 Kudos

Vivek,

Glad your configuration is working - it gives me hope.

When I set up the port 6443 in the em-jetty-config.xml file, I can see the EMC is properly listening on port 6443 after I restart it. My problem is that the Solution Manager system cannot fully recognize the EMC.

To see the problem, I log into Solution Manager, transaction /nsolman_workcenter. I select the workcenter "Root Cause Analysis". From the "Common tasks" menu, I select "Diagnostics setup". This invokes the website http://solman_server:8030/webdynpro/dispatcher/sap.com/tcsmdnavigation/SmdNavigation. I then select "Diagnotics system" and select "Advanced setup". I select he Wily tab and here can define the ports for the Enterprise Manager.

I enter the fully qualified hostname of my Solution Manager system which is where we have installed the Wily Enterprise Manager. The port for the EMC is 6001, the user is "Admin" with its current (changed) password. The webview is set to the fully qualified hostname of the Solution Manager system and the webview port is 8444 with https selected.

If I use port 6001 here, everything works fine and the status shows a green box, "Enterprise Manager is live and running". If I change it to use port 6443 and save the settings, the status changes to the warning flag, "Connectivity status could not be checked: All configured Enterprise Managers are offline - check configuration." When in this state, and I invoke the Webview from within Solution Manager, I get no EMC servers listed and thus, cannot log into the EMC. If I use the URL https://solman_server:8444/workstation, or https://solman_server:8444/webview, I can log in and correctly see all of my systems attached to the EMC.

We will require users to authenticate through Solution Manager so the link from Solution Manager has to work. We have enabled SSO for Wily and thus, do not create usernames and passwords for users in the users.xml / domains.xml files. We have a business requirement to not have usernames and passwords used.

If I manually use the URL https://solman_server:8444/workstation, and manually try to log into the EMC using port 6443 and my username / password to log in, I get an error, "Error attempting to connect to the Enterprise Manager 'solman_server'."

So I was wondering if anyone else had encountered this and knew of a way around it.

Thanks in advance,

Deb Nugent.