Table of Contents
HTTPS settings
Use HTTPS Only
- Activate HTTPS only checkbox to automatically redirect HTTP requests to HTTPS
- WARNING: In such configuration, remote agents will not be able to connect if you don't add the server certificate into their truststore (unless using a certificate coming from a trusted authority)
Change HTTPS port
- Redpeaks HTTPS port number is set 8443 by default
- If you are running on Linux:
- Set the new HTTPS port in “HTTPS redirection port” field
- Using port 443 is not always possible: To use ports below 1024 requiers to grant specific authorizations.
- A simple workaround is to create a routing rule such as:
iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT –to-ports 8443 - Restart the promonitor service from Maintenance menu
- If you are running on Windows:
- Set the new HTTPS port in “HTTPS redirection port” field
- Run
[PRO_MONITOR_HOME]\bin\pro_monitorw.exe - Open
Javatab - Change
-Dhttp.port.sslvalue to the new port number - Restart the promonitor service
Certificates
Disclaimer
- The default certificate embbeded with the server will not work in Multi-instance mode: agents will refuse the connection because the certificate is not bound to server IP address
- In this case, you must generate a self signed certificate and bind it to the local IP
- Generated certificates will be stored in the keystore
- Redpeaks keystore is located in the
certificates/.keystorefile of Redpeaks install folder
Generating a certificate
- The default certificate for Redpeaks is using
localhostas common name. - If you want to connect to the promonitor server with HTTPS by using its hostname, you need to install or create a certificate for his hostname
Self signed certificate:
- You can generate an autosigned certificate by clicking on “Generate a self-signed certificate”
- Enter the domain name or the IP address of your instance and save
Certificates from a trusted authority
- In order to install this certificate, refere the manual installation below
Downloading and installing a self signed certificate
- If you want to establish a secure connection with a party which uses a self signed certificate, you must prealably trust this certificate.
- Once trusted, you will only be able to establish a connection by using the Common Name of the certificate as hostname.
- This typically applies when creating connections to web interfaces such as Web services or plugins such as:
- REST API connector
- Secure LDAP
- Secure plugin
- Secure primary server (for agents)
- Secure SAPControl or portal connection
Import certificate from remote sites:
- Simply click on
Download and install a self-signed certificate - Enter the URL of the server holding the certificate you want to import, such as:
hostname:port(use 443 if you don't have a specific port) - Enter the Common Name of the certificate (If you don't know the common name, use your browser to visualize the certificate parameters, it is listed there.)
Installing a certificate manually
- Copy the certificate file in CER format in
[PRO_MONITOR_HOME]/certificates/ - Run:
keytool -import -trustcacerts -keystore [PRO_MONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PRO_MONITOR_HOME]/certificates/[certificate.cer]
Import keystore into the Redpeaks keystore
- Run :
keytool -importkeystore -srckeystore [YOUR_KEYSTORE] -srcstoretype pkcs12 -srcstorepass agentilKeyStore -destkeystore [PRO_MONITOR_HOME]/certificates/.keystore -deststoretype jks -deststorepass agentilKeyStore
Note: Redpeaks keystore (server keys) and truststore (Trusted certificates) are in the same store : certificates/.keystore