• Activate HTTPS only checkbox to automatically redirect HTTP requests to HTTPS
• WARNING: In such configuration, remote agents will not be able to connect if you don't add the server certificate into their truststore (unless using a certificate coming from a trusted authority)

• Redpeaks HTTPS port number is set 8443 by default
• If you are running on Linux:
  • Set the new HTTPS port in “HTTPS redirection port” field
  • Using port 443 is not always possible: To use ports below 1024 requiers to grant specific authorizations.
  • A simple workaround is to create a routing rule such as: iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT –to-ports 8443
  • Restart the promonitor service from Maintenance menu

• If you are running on Windows:
  • Set the new HTTPS port in “HTTPS redirection port” field
  • Run [PRO_MONITOR_HOME]\bin\pro_monitorw.exe
  • Open Java tab
  • Change -Dhttp.port.ssl value to the new port number
  • Restart the promonitor service

• The default certificate embbeded with the server will not work in Multi-instance mode: agents will refuse the connection because the certificate is not bound to server IP address
• In this case, you must generate a self signed certificate and bind it to the local IP
• Generated certificates will be stored in the keystore
• Redpeaks keystore is located in the certificates/.keystore file of Redpeaks install folder

• The default certificate for Redpeaks is using localhost as common name.
• If you want to connect to the promonitor server with HTTPS by using its hostname, you need to install or create a certificate for his hostname

Self signed certificate:

• You can generate an autosigned certificate by clicking on “Generate a self-signed certificate”
• Enter the domain name or the IP address of your instance and save

Certificates from a trusted authority

• In order to install this certificate, refere the manual installation below

• If you want to establish a secure connection with a party which uses a self signed certificate, you must prealably trust this certificate.
• Once trusted, you will only be able to establish a connection by using the Common Name of the certificate as hostname.
• This typically applies when creating connections to web interfaces such as Web services or plugins such as:
  • REST API connector
  • Secure LDAP
  • Secure plugin
  • Secure primary server (for agents)
  • Secure SAPControl or portal connection

Import certificate from remote sites:

• Simply click on Download and install a self-signed certificate
• Enter the URL of the server holding the certificate you want to import, such as: hostname:port (use 443 if you don't have a specific port)
• Enter the Common Name of the certificate (If you don't know the common name, use your browser to visualize the certificate parameters, it is listed there.)

• Copy the certificate file in CER format in [PRO_MONITOR_HOME]/certificates/
• Run: keytool -import -trustcacerts -keystore [PRO_MONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PRO_MONITOR_HOME]/certificates/[certificate.cer]

• Run : keytool -importkeystore -srckeystore [YOUR_KEYSTORE] -srcstoretype pkcs12 -srcstorepass agentilKeyStore -destkeystore [PRO_MONITOR_HOME]/certificates/.keystore -deststoretype jks -deststorepass agentilKeyStore

Note: Redpeaks keystore (server keys) and truststore (Trusted certificates) are in the same store : certificates/.keystore