Version 10.1.01
Update the Web Server Configuration to Enable SSL
These instructions apply to Apache version 2.4.6 and the steps should be taken on the designated Web server.
1. Copy the certificate files, typically generated via a certificate authority (CA), to a folder in the Web server’s Apache configuration folder.
Note: Configuration files shipped with APTARE licensed modules may use path names with recommended folder names. To use folders with different names, be sure to update all references to the recommended name in the default configuration files.
Linux, APTARE recommends using: /opt/apache/conf/ssl_cert
Windows, APTARE recommends using: C:\opt\apache\conf\ssl_cert
2. Stop the Apache and Tomcat services. From a terminal console, enter the following commands.
Linux:
/opt/aptare/bin/tomcat-agent stop
/opt/aptare/bin/tomcat-portal stop
/opt/aptare/bin/apache stop
Windows:
C:\opt\aptare\utils\stopagent.bat
C:\opt\aptare\utils\stopportal.bat
C:\opt\aptare\utils\stopapache.bat
3. Update the Apache configuration file to enable SSL.
Linux: /opt/apache/conf/httpd.conf
Windows: C:\opt\apache\conf\httpd.conf
Un-comment the following lines by removing the # character.
Linux:
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
Windows:
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
 
4. Update the Apache SSL configuration file. See Default Apache SSL Configuration File for the sample SSL configuration file shipped with APTARE installations. Note that some of these lines may not be present in your configuration.
Linux: /opt/apache/conf/extra/httpd-ssl.conf
Windows: C:\opt\apache\conf\extra\httpd-ssl.conf
 
   1. Linux and Windows: Disable the SSLMutex by adding a # at the beginning of the SSLMutex line (if this line is listed in your configuration).
   2. Un-comment:
      #Include conf/extra/httpd-ssl.conf
      Enable the virtual host section or sections, depending upon your configuration.
   3. Ensure that an IP address is available for the Portal and/or Data Collection, as required.

Examples:
Linux: #SSLMutex "file:/opt/apache/logs/ssl_mutex"
Windows: #SSLMutex "file:c:\opt\apache\logs\ssl_mutex"
5. If any of the above configurations are missing for either the Portal or Data Collector, the host configuration information must be added to enable SSL. Refer to the Default Apache SSL Configuration File as a guide and proceed with the following steps.
6. If a Virtual Host declaration is missing from the default Apache SSL configuration file, add the missing virtual host declaration to the configuration file. See the relevant section for instructions in Configure Virtual Hosts for Portal and/or Data Collection SSL:
If implementing SSL for the Portal Only
If implementing SSL for Data Collection Only
If implementing SSL for Both the Portal and Data Collection.
7. For each active virtual host section in the Apache SSL configuration file, ensure that declaration lines beginning with the following are un-commented (they do not have a # at the beginning of the line):
SSLEngine
SSLCipherSuite
SSLCertificateFile
SSLCertificateKeyFile
8. Add entries to the httpd-ssl.conf file for the Virtual Hosts.
9. For a Linux Web Server only, update the Apache script used to start Apache, /opt/aptare/bin/apache, to include the -D SSL parameter:
Ret="`$APACHE_HOME/bin/apachectl -D SSL -k start 2>&1`"
10. If implementing SSL for Data Collection, complete the following steps:
a. Ensure that the Data Collector global properties file does not have the protocol (http or https) in the URL specified in that file.
Linux: /opt/aptare/datarcvrconf/collectorConfig.global.properties
Windows: C:\opt\aptare\datarcvrconf\collectorConfig.global.properties
b. If using a self-signed certificate, run the InstallCert utility on the Data Collection server to allow the background data collection processes to automatically accept the unsigned, unverified certificate.
The InstallCert utility is not shipped with APTARE products. Contact the APTARE Global Support Services to obtain a copy of this utility.
Linux Data Collector Server Command:
java -classpath /opt/aptare/mbs/bin InstallCert aptareagent.<domain_name>.com:443
Windows Data Collector Server Command:
"C:\program files\aptare\jre\bin\java" -classpath "C:\program files\aptare\mbs\bin" InstallCert aptareagent.<domain_name>:443
Warning: If you are using a self-signed certificate and the Data Collector is upgraded, the validation of the certificate may be lost and you may have to rerun the InstallCert utility for data collection to work.
c. Verify that the following line is in the Portal configuration file (portal.properties):
portal.trustAllCertificates=true
If not present, add it.
Linux: /opt/aptare/portalconf/portal.properties
Windows: C:\opt\aptare\portalconf\portal.properties
11. Restart Apache and both Tomcat (Portal and Data Collector) services.
Linux:
/opt/aptare/bin/apache start
/opt/aptare/bin/tomcat-portal start
/opt/aptare/bin/tomcat-agent start
Windows:
C:\opt\aptare\utils\startapache.bat
C:\opt\aptare\utils\startagent.bat
C:\opt\aptare\utils\startportal.bat
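
One way to audit the edits from step 3 (Linux list), step 4 and step 7 on a Linux Web server, as an added example that is not part of the APTARE documentation or product. The function names, the sample host names, the certificate file names and the cipher string are assumptions; the sample configuration is constructed.

```shell
# Added example (not APTARE code): audit the edits made in steps 3, 4 and 7.

# Step 3 (Linux list): both lines must be un-commented in httpd.conf.
check_httpd_conf() {
    rc=0
    for d in 'LoadModule[[:space:]]+ssl_module[[:space:]]' 'Include[[:space:]]+conf/extra/httpd-ssl\.conf'; do
        grep -Eq "^[[:space:]]*$d" "$1" || { echo "no active line matching: $d"; rc=1; }
    done
    return $rc
}

# Steps 4 and 7: SSLMutex must be commented out and every active virtual host
# needs the four SSL directives. Prints findings; non-zero status if any.
check_ssl_conf() {
    awk '
    /^[ \t]*#/ { next }                     # commented lines never count
    /^[ \t]*SSLMutex/ { print "active: SSLMutex (line " NR ")"; bad = 1 }
    /^[ \t]*<VirtualHost/ { host = $2; sub(/>$/, "", host); split("", seen); next }
    /^[ \t]*SSL(Engine|CipherSuite|CertificateFile|CertificateKeyFile)[ \t]/ { seen[$1] = 1 }
    /^[ \t]*<\/VirtualHost>/ {
        n = split("SSLEngine SSLCipherSuite SSLCertificateFile SSLCertificateKeyFile", req, " ")
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen)) { print host ": missing " req[i]; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: host names, file names and cipher string are assumptions.
sample_ssl_conf() {
    cat <<'EOF'
#SSLMutex "file:/opt/apache/logs/ssl_mutex"
<VirtualHost aptareportal.example.com:443>
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile "/opt/apache/conf/ssl_cert/server.crt"
SSLCertificateKeyFile "/opt/apache/conf/ssl_cert/server.key"
</VirtualHost>
<VirtualHost aptareagent.example.com:443>
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile "/opt/apache/conf/ssl_cert/server.crt"
#SSLCertificateKeyFile "/opt/apache/conf/ssl_cert/server.key"
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_ssl_conf > "$tmp"
check_ssl_conf "$tmp" || echo "httpd-ssl.conf needs attention"
rm -f "$tmp"
```

On the Web server itself, point check_httpd_conf at /opt/apache/conf/httpd.conf and check_ssl_conf at /opt/apache/conf/extra/httpd-ssl.conf; the constructed sample reports the second virtual host because its SSLCertificateKeyFile line is still commented out.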