products:promonitor:6.8:userguide:administration:adminconfig:https

HTTPS settings

Use HTTPS Only

  • Activate HTTPS only checkbox to automatically redirect HTTP requests to HTTPS
  • WARNING: In such configuration, remote agents will not be able to connect if you don't add the server certificate into their truststore (unless using a certificate coming from a trusted authority)

Change HTTPS port

  • Redpeaks HTTPS port number is set 8443 by default
  • If you are running on Linux:
    • Set the new HTTPS port in “HTTPS redirection port” field
    • Using port 443 is not always possible: To use ports below 1024 requiers to grant specific authorizations.
    • A simple workaround is to create a routing rule such as: iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT –to-ports 8443
    • Restart the promonitor service from Maintenance menu
  • If you are running on Windows:
    • Set the new HTTPS port in “HTTPS redirection port” field
    • Run [PRO_MONITOR_HOME]\bin\pro_monitorw.exe
    • Open Java tab
    • Change -Dhttp.port.ssl value to the new port number
    • Restart the promonitor service

Certificates

Disclaimer

  • The default certificate embbeded with the server will not work in Multi-instance mode: agents will refuse the connection because the certificate is not bound to server IP address
  • In this case, you must generate a self signed certificate and bind it to the local IP
  • Generated certificates will be stored in the keystore
  • Redpeaks keystore is located in the certificates/.keystore file of Redpeaks install folder

Generating a certificate

  • The default certificate for Redpeaks is using localhost as common name.
  • If you want to connect to the promonitor server with HTTPS by using its hostname, you need to install or create a certificate for his hostname

Self signed certificate:

  • You can generate an autosigned certificate by clicking on “Generate a self-signed certificate”
  • Enter the domain name or the IP address of your instance and save

Certificates from a trusted authority

  • In order to install this certificate, refere the manual installation below

Downloading and installing a self signed certificate

  • If you want to establish a secure connection with a party which uses a self signed certificate, you must prealably trust this certificate.
  • Once trusted, you will only be able to establish a connection by using the Common Name of the certificate as hostname.
  • This typically applies when creating connections to web interfaces such as Web services or plugins such as:
    • REST API connector
    • Secure LDAP
    • Secure plugin
    • Secure primary server (for agents)
    • Secure SAPControl or portal connection

Import certificate from remote sites:

  • Simply click on Download and install a self-signed certificate
  • Enter the URL of the server holding the certificate you want to import, such as: hostname:port (use 443 if you don't have a specific port)
  • Enter the Common Name of the certificate (If you don't know the common name, use your browser to visualize the certificate parameters, it is listed there.)

Installing a certificate manually

  • Copy the certificate file in CER format in [PRO_MONITOR_HOME]/certificates/
  • Run: keytool -import -trustcacerts -keystore [PRO_MONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PRO_MONITOR_HOME]/certificates/[certificate.cer]

Import keystore into the Redpeaks keystore

  • Run : keytool -importkeystore -srckeystore [YOUR_KEYSTORE] -srcstoretype pkcs12 -srcstorepass agentilKeyStore -destkeystore [PRO_MONITOR_HOME]/certificates/.keystore -deststoretype jks -deststorepass agentilKeyStore

Note: Redpeaks keystore (server keys) and truststore (Trusted certificates) are in the same store : certificates/.keystore

/home/clients/8c48b436badcd3a0bdaaba8c59a54bf1/wiki-web/data/pages/products/promonitor/6.8/userguide/administration/adminconfig/https.txt · Last modified: 2024/05/28 17:02 by rbariou