====== HTTPS settings ====== ===== Use HTTPS Only ===== * Activate HTTPS only checkbox to automatically redirect HTTP requests to HTTPS * **WARNING:** In such configuration, remote agents will not be able to connect if you don't add the server certificate into their truststore (unless using a certificate coming from a trusted authority) ===== Change HTTPS port ===== * Redpeaks HTTPS port number is set **8443** by default * **If you are running on Linux**: * Set the new HTTPS port in "HTTPS redirection port" field * Using port **443** is not always possible: To use ports below 1024 requiers to grant specific authorizations. * A simple workaround is to create a routing rule such as: ''iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443'' * **Restart the promonitor service** from Maintenance menu * **If you are running on Windows**: * Set the new HTTPS port in "HTTPS redirection port" field * Run ''[PRO_MONITOR_HOME]\bin\pro_monitorw.exe'' * Open ''Java'' tab * Change ''-Dhttp.port.ssl'' value to the new port number * **Restart the promonitor service** {{..:..:..:userguide:administration:pasted:https1.png}} ===== Certificates ===== ==== Disclaimer ==== * The default certificate embbeded with the server **will not work in Multi-instance mode**: agents will refuse the connection because the certificate is not bound to server IP address * In this case, you must generate a self signed certificate and bind it to the local IP * Generated certificates will be stored in the keystore * Redpeaks keystore is located in the ''certificates/.keystore'' file of Redpeaks install folder ==== Generating a certificate ==== * The default certificate for Redpeaks is using ''localhost'' as common name. * If you want to connect to the promonitor server with HTTPS by using its hostname, you need to install or create a certificate for his hostname **Self signed certificate:** * You can generate an autosigned certificate by clicking on "Generate a self-signed certificate" * Enter the domain name or the IP address of your instance and save **Certificates from a trusted authority** * In order to install this certificate, refere the manual installation below ==== Downloading and installing a self signed certificate ==== * If you want to establish a secure connection with a party which uses a **self signed certificate**, you must prealably **trust** this certificate. * Once trusted, you will only be able to establish a connection by using the **Common Name** of the certificate as hostname. * This typically applies when creating connections to web interfaces such as Web services or plugins such as: * REST API connector * Secure LDAP * Secure plugin * Secure primary server (for agents) * Secure SAPControl or portal connection **Import certificate from remote sites:** * Simply click on ''Download and install a self-signed certificate'' * Enter the URL of the server holding the certificate you want to import, such as: ''hostname:port'' (use 443 if you don't have a specific port) * Enter the Common Name of the certificate (If you don't know the common name, use your browser to visualize the certificate parameters, it is listed there.) ==== Installing a certificate manually ==== * Copy the certificate file in **CER** format in ''[PRO_MONITOR_HOME]/certificates/'' * Run: ''keytool -import -trustcacerts -keystore [PRO_MONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PRO_MONITOR_HOME]/certificates/[certificate.cer]'' ==== Import keystore into the Redpeaks keystore ==== * Run : ''keytool -importkeystore -srckeystore [YOUR_KEYSTORE] -srcstoretype pkcs12 -srcstorepass agentilKeyStore -destkeystore [PRO_MONITOR_HOME]/certificates/.keystore -deststoretype jks -deststorepass agentilKeyStore'' **Note:** Redpeaks keystore (server keys) and truststore (Trusted certificates) are in the same store : certificates/.keystore