• Activate HTTPS only checkbox to automatically redirect HTTP requests to HTTPS
• WARNING: In such configuration, remote agents will not be able to connect if you don't add the server certificate into their truststore (unless using a certificate coming from a trusted authority)

• Pro.Monitor HTTPS port number is set 8443 by default
• If you are running on Linux:
  • Set the new HTTPS port in “HTTPS redirection port” field
  • Using port 443 is not always possible: To use ports below 1024 requiers to grant specific authorizations.
  • A simple workaround is to create a routing rule such as: iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT –to-ports 8443
  • Restart the promonitor service from Maintenance menu

• If you are running on Windows:
  • Set the new HTTPS port in “HTTPS redirection port” field
  • Run [PRO_MONITOR_HOME]\bin\pro_monitorw.exe
  • Open Java tab
  • Change -Dhttp.port.ssl value to the new port number
  • Restart the promonitor service

• The default certificate embbeded with the server will not work in Multi-instance mode: agents will refuse the connection because the certificate is not bound to server IP address
• In this case, you must generate a self signed certificate and bind it to the local IP
• Generated certificates will be stored in the keystore
• Pro.Monitor keystore is located in the certificates/.keystore file of Pro.Monitor install folder

• The default certificate for Pro.Monitor is using localhost as common name.
• If you want to connect to the promonitor server with HTTPS by using its hostname, you need to install or create a certificate for his hostname

Self signed certificate:

• You can generate an autosigned certificate by clicking on “Generate a self-signed certificate”
• Enter the domain name or the IP address of your instance and save

Certificates from a trusted authority

• In order to install this certificate, refere the manual installation below

* There are several reasons why you might need to register self signed certificates for secure connections:

• Secure LDAP
• Secure plugin
• Secure primary server (for agents)
• Secure SAPControl or portal connection

• Use the import certificate button to fetch and trust certificates from reachable sites.
• Simply click on Download and install a self-signed certificate
• Enter the URL of the server holding the certificate you want to import as suche hostname:port (use 443 for most cases)
• Enter the Common Name of the certificate (If you don't know the common name, use your browser to visualize the certificate parameters, it is listed there.)

• Copy the certificate file in CER format in [PRO_MONITOR_HOME]/certificates/
• Run: keytool -import -trustcacerts -keystore [PRO_MONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PRO_MONITOR_HOME]/certificates/[certificate.cer]

• Run : keytool -importkeystore -srckeystore [YOUR_KEYSTORE] -srcstoretype pkcs12 -srcstorepass agentilKeyStore -destkeystore [PRO_MONITOR_HOME]/certificates/.keystore -deststoretype jks -deststorepass agentilKeyStore

Note: Pro.Monitor keystore (server keys) and truststore (Trusted certificates) are in the same store : certificates/.keystore