This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
Remedy with Smart IT
When logging in to Smart IT the chat icon remains red in a configuration of SSL and Load Balancer environment
SSL certificate is corrupt or invalid
Firs try to observe what call you are getting with F12 network capture
-Check that the values for chat are properly configured in the Centralized Configuration for the load balancer
-Validate the parameters are also properly configured inside the Openfire Admin Console for the load balancer
For CCS check below
chat.server.admin.login : <admin>
chat.server.admin.password: <password of admin user>
chat.server.cm.host: [smaritserver.fqdn> OR <loadbalancer.fqdn resolving to SmartIT servers]
chat.server.domain: [smaritserver.fqdn> OR <loadbalancer.fqdn resolving to SmartIT servers]
For Openfire Admin Console -> Server -> Server Manager -> System Properties. Ensure below parameters are correct.
Property Name- provider.auth.className
Property Value- org.jivesoftware.openfire.auth.HybridAuthProvider
Property Name- xmpp.domain
Property Value- <smartichat.fqdn>
Property Name- xmpp.fqdn
Property Value- FQDN of the Openfire Server
Property Name- hybridAuthProvider.primaryProvider.className
Property Value- org.jivesoftware.openfire.auth.DefaultAuthProvider
Property Name- hybridAuthProvider.secondaryProvider.className
Property Value- com.bmc.bsm.galileo.chat.openfire.AuthPlugin
Property Name- provider.auth.authResource
Property Value- <loadbalancerurl>/ux/rest/users/chat/
-Enable the Openfire logs in debug mode and restart the services
On this specific use case we were able to observe SSL related issues in the openfire logs. To confirm that this is not an LB issue, we tried connecting Smart-It and Openfire using the direct server host instead of the LB. But we were getting errors as the SSL certificates that they had were generated for the LB host.
We have asked the customer to follow :https://docs.bmc.com/docs/smartit1805/enabling-ssl-for-openfire-chat-server-803118141.html for importing the certificate. (Customers can import it directly from the openfire admin console or using the keystore explorer)
With keytool they imported the bnsf keystore to the Root Certificate Authority.
/opt/remedy/java/jdk/bin/keytool -importcert -trustcacerts -alias bnsfca2 -file /opt/remedy/src/bnsfCert2.cer -keystore /opt/remedy/java/jdk/jre/lib/security/cacerts
We didn't have to touch the /openfire/resources/security/.keystore file.
Once the import was done we restarted Smart IT and Openfire. It turned green and the issue got solved.