Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Add SSL to Your Existing Servicedesk 7.5 Installation

Created: 30 Apr 2013 • Updated: 30 Apr 2013
Language Translations
BRING's picture
+2 2 Votes
Login to vote

Implementing SSL is a great way to secure the communication between clients and servers. The encryption implemented protects the corporate data exchanged between the clients and the protected servers.

Servicedesk supports using SSL, and it is best implemented during installation. Instructions to install SSL during the installation phase can be found in the KB HOWTO31138, found at http://www.symantec.com/docs/HOWTO31138. SSL can also be added later and the contents of this article will outline how to make the changes. It does, however, require some scripts to be run at the SQL server, as well as server settings and application property changes. It is recommended that review the entire article here, prior to proceeding. You may have custom items that need to be accommodated. It always is strongly recommended that you back your system and database up prior to implementing this process.

You may also want to consider contacting Technical Support to assist with this process.

SSL Conversion Overview

To convert an existing Servicedesk installation to support SSL, you should

  • Certificate Server - Ensure that you have a certificate server (CA) , a valid certificate, and your Servicedesk server's IIS is configured to use the CA certificate.
  • Servicedesk Server Settings: Change the Servicedesk Server Settings to use the prefix https:
  • Servicedesk Application Properties: Change the Servicedesk Application Properties to use the prefix https:
  • Database: Change all of the associated URL references in the database to use https:

Certificate Server

It is assumed that you have a valid certificate server and certificate available for the Servicedesk server to use. Since there are so many different options for certificates, providers, etc., this article will not cover that configuration. One item to note is that you should review the URL and make sure that the certificate name matches the FQDN of your Servicedesk server. This will be your "friendly name". This will make your ability to change the URL references later, much easier. Once you have your certificate installed on the CA server for the Servicedesk server, follow the steps below:

  1. Open IIS on the Servicedesk server.
  2. Double-click on the server name.
  3. Under the IIS subsection, find and double -click the "Server Certificates" icon.
  4. On the right-side, click "Complete Certificate Request", answer the questions correctly(including providing the correct "friendly name"), and you will have your certificate associated with the Servicedesk server. You then have completed the certificate server steps.

image001_1.png

Servicedesk Server Settings

Now you are ready to change the Servicedesk Server settings references.

  1. If not enabled, turn on the Task Tray Tool on your Servicedesk server.
  2. Right-click on the tool and select "Settings"
  3. Under Servers, highlight the "(local)" server, and click the Edit button
  4. Under Server Details, change the Deployment Root URL to be https:
  5. Under Process Manager, check the box next to "Use HTTPS"
  6. Click OK, then click OK.

image003_2.png

Servicedesk Application Properties

With the server settings changed, you next need to change the program URL references in the Application Properties. To do this:

  1. As an application administrator, open the Processmanager portal on the Servicedesk server.
  2. Click on the Admin >Data>Application Properties
  3. You should see the Application Properties Profiles section, with a ServicedeskSettings entry. Click the yellow lightning bolt, and select "Display Definition Values"
  4. Scroll through this list of properties and notice all of the URL location entries that have "http://..." listed.
  5. Now click on the yellow lightning bolt in the upper right, and select "Edit Values".
  6. The following locations should have their entries changed from a prefix of "http:" to "https:"
    1. Category: Change Management
      1. ChangeManagementUrl
    2. Category: General Settings
      1. Server Fqdn
    3. Category: Incident Management
      1. IncidentManagementUrl
      2. Hd6MigrationMonitoringServerUrl
    4. Category: Knowledge Base Management
      1. KbmanagementUrl
    5. Category: Mail Settings:
      1. InboundMailManagementUrl
    6. Category: Portal Connection
      1. ProcessManagerUrl
    7. Category: Problem Management
      1. ProblemManagementUrl
    8. Category: SMP Integration
      1. AssetViewUrl
      2. DataServicesUrl
  7. Click the Save button in the lower left corner. You should now see references similar to these:

image005_0.png

Database

Lastly, there are references in the database that are associated with tasks, and other items that must have their URL references changed. The script below will update all pertinent URL's in the database.

Script:

USE ProcessManager
GO

DECLARE @oldAddress nvarchar(50), @newAddress nvarchar(50)
SET @oldAddress = 'http:'
SET @newAddress = 'https:'

UPDATE TaskResponse 
SET URL = REPLACE(URL,@oldAddress,@newAddress) 
FROM taskresponse

UPDATE Task 
SET UrlOfProcess = REPLACE(UrlOfProcess,@oldAddress,@newAddress) 
FROM task

UPDATE Task 
SET UrlOfResponseService = REPLACE(UrlOfResponseService,@oldAddress,@newAddress) 
FROM task

UPDATE ReportProcessHistory 
SET UrlOfProcess = REPLACE(UrlOfProcess,@oldAddress,@newAddress) 
FROM ReportProcessHistory

UPDATE ReportProcessReference 
SET Url = REPLACE(Url,@oldAddress,@newAddress) 
FROM ReportProcessReference

UPDATE ReportProcess 
SET UrlOfProcess = REPLACE(UrlOfProcess,@oldAddress,@newAddress) 
FROM ReportProcess

UPDATE ReportProcess 
SET ReferralURL = REPLACE(ReferralURL,@oldAddress,@newAddress) 
FROM ReportProcess

UPDATE profile_service_desk_settings 
SET [kbmanagement_url] = REPLACE([kbmanagement_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [risk_score] = REPLACE([risk_score],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [server_fqdn] = REPLACE([server_fqdn],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [hd_6_migration_monitoring_service_url] = REPLACE([hd_6_migration_monitoring_service_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [change_management_url] = REPLACE([change_management_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [problem_management_url] = REPLACE([problem_management_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [incident_management_url] = REPLACE([incident_management_url],@oldAddress,@newAddress) FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [asset_view_url] = REPLACE([asset_view_url],@oldAddress,@newAddress) FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [data_services_url] = REPLACE([data_services_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [process_manager_url] = REPLACE([process_manager_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE profile_service_desk_settings 
SET [inbound_mail_management_url] = REPLACE([inbound_mail_management_url],@oldAddress,@newAddress) 
FROM profile_service_desk_settings

UPDATE MasterSettings
SET [GlobalServiceLocationURL] = REPLACE([GlobalServiceLocationURL],@oldAddress,@newAddress) 
FROM MasterSettings

UPDATE MasterSettings
SET [BaseURLToEnsemble] = REPLACE([BaseURLToEnsemble],@oldAddress,@newAddress) 
FROM MasterSettings

Conclusion

Please also be reminded that there will have been emails sent to users that have embedded URL's associated to specific tickets. These URL's will NOT be correct, as the process will not have known about the HTTPS change. Therefore you should inform those users that the links will not be usable for tickets prior to the SSL conversion date. All generated URL's going forward from the conversion date WILL be functional.

You may have additional applications, workflows the are activated by automation rules, and possibly other application properties that need to be changed as well. This article does not cover those customized details, but the procedures will be very similar.