Update the Web Server Configuration to Enable SSL
These instructions apply to Apache version 2.4.6 and the steps should be taken on the designated Web server.
1. Copy the certificate files, typically generated via a certificate authority (CA), to a folder in the Web server’s Apache configuration folder.
Note: Configuration files shipped with APTARE licensed modules may use path names with recommended folder names. To use folders with different names, be sure to update all references to the recommended name in the default configuration files.
Linux, APTARE recommends using: | Windows, APTARE recommends using: |
/opt/apache/conf/ssl_cert | C:\opt\apache\conf\ssl_cert |
2. Stop the Apache and Tomcat services. From a terminal console, enter the following commands.
Linux | Windows |
/opt/aptare/bin/tomcat-agent stop | C:\opt\aptare\utils\stopagent.bat |
/opt/aptare/bin/tomcat-portal stop | C:\opt\aptare\utils\stopportal.bat |
/opt/aptare/bin/apache stop | C:\opt\aptare\utils\stopapache.bat |
3. Update the Apache configuration file to enable SSL.
Linux: /opt/apache/conf/httpd.conf
Windows: C:\opt\apache\conf\httpd.conf
Un-comment the following lines by removing the # character.
Linux | Windows |
#LoadModule ssl_module modules/mod_ssl.so | #LoadModule ssl_module modules/mod_ssl.so |
#Include conf/extra/httpd-ssl.conf | #Include conf/extra/httpd-ssl.conf |
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so | |
4. Update the Apache SSL configuration file. See Default Apache SSL Configuration File for the sample SSL configuration file shipped with APTARE installations. Note that some of these lines may not be present in your configuration.
Linux: /opt/apache/conf/extra/httpd-ssl.conf
Windows: C:\opt\apache\conf\extra\httpd-ssl.conf
| Linux | Windows |
1. | Disable the SSLMutex by adding a # at the beginning of the SSLMutex line (if this line is listed in your configuration). | Disable the SSLMutex by adding a # at the beginning of the SSLMutex line (if this line is listed in your configuration). |
2. | Un-comment: #Include conf/extra/httpd-ssl.conf | Enable the virtual host section or sections, depending upon your configuration. |
3. | Ensure that an IP address is available for the Portal and/or Data Collection, as required. | |
Examples:
Linux: #SSLMutex "file:/opt/apache/logs/ssl_mutex"
Windows: #SSLMutex "file:c:\opt\apache\logs\ssl_mutex"
5. If any of the above configurations are missing for either the Portal or Data Collector, the host configuration information must be added to enable SSL. Refer to the Default Apache SSL Configuration File as a guide and proceed with the following steps.
7. For each active virtual host section in the Apache SSL configuration file, ensure that declaration lines beginning with the following are un-commented (they do not have a # at the beginning of the line):
SSLEngine
SSLCipherSuite
SSLCertificateFile
SSLCertificateKeyFile
8. Add entries to the httpd-ssl.conf file for the Virtual Hosts.
9. For a Linux Web Server only, update the Apache script used to start Apache, /opt/aptare/bin/apache, to include the -D SSL parameter:
Ret="`$APACHE_HOME/bin/apachectl -D SSL -k start 2>&1`"
10. If implementing SSL for Data Collection, complete the following steps:
a. Ensure that the Data Collector global properties file does not have the protocol (http or https) in the URL specified in that file.
Linux | Windows |
/opt/aptare/datarcvrconf/collectorConfig.global.properties | C:\opt\aptare\datarcvrconf\collectorConfig.global.properties |
b. If using a self-signed certificate, run the InstallCert utility on the Data Collection server to allow the background data collection processes to automatically accept the unsigned, unverified certificate.
The InstallCert utility is not shipped with APTARE products. Contact the APTARE Global Support Services to obtain a copy of this utility.
Linux Data Collector Server Command | Windows Data Collector Server Command |
java -classpath /opt/aptare/mbs/bin InstallCert aptareagent.<domain_name>.com:443 | "C:\program files\aptare\jre\bin\java" -classpath "C:\program files\aptare\mbs\bin" InstallCert aptareagent.<domain_name>:443 |
Warning: If you are using a self-signed certificate and the Data Collector is upgraded, the validation of the certificate may be lost and you may have to rerun the InstallCert utility for data collection to work.
c. Verify that the following line is in the Portal configuration file (portal.properties):
portal.trustAllCertificates=true
If not present, add it.
Linux | Windows |
/opt/aptare/portalconf/portal.properties | C:\opt\aptare\portalconf\portal.properties |
11. Restart Apache and both Tomcat (Portal and Data Collector) services.
Linux | Windows |
/opt/aptare/bin/apache start | C:\opt\aptare\utils\startapache.bat |
/opt/aptare/bin/tomcat-portal start | C:\opt\aptare\utils\startagent.bat |
/opt/aptare/bin/tomcat-agent start | C:\opt\aptare\utils\startportal.bat |
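Before restarting the services, the checks on httpd-ssl.conf from the steps above (SSLMutex disabled, and the four SSL declaration lines un-commented in every active virtual host section) can be scripted. The following is an added example, not part of the APTARE documentation or product; the function names check_ssl_vhosts and demo_conf are hypothetical, and the sample addresses and certificate file names are constructed.

```shell
# Added example (not APTARE code). check_ssl_vhosts [FILE] reads FILE or
# stdin, prints one finding per line, and returns 1 if anything was found.
check_ssl_vhosts() {
    awk '
    BEGIN { bad = 0
            n = split("SSLEngine SSLCipherSuite SSLCertificateFile SSLCertificateKeyFile", req, " ") }
    { sub(/\r$/, "") }                        # tolerate Windows line endings
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # commented or blank: not active
    { sub(/^[ \t]+/, "") }
    tolower($1) == "sslmutex" { print "line " NR ": SSLMutex is still active"; bad = 1 }
    tolower($0) ~ /^<virtualhost[ \t>]/ {     # start of an active section
        host = $0; in_vhost = 1
        for (i = 1; i <= n; i++) seen[req[i]] = 0
        next
    }
    tolower($0) ~ /^<\/virtualhost>/ {        # end: report what was not seen
        for (i = 1; i <= n; i++)
            if (!seen[req[i]]) { print host ": missing " req[i]; bad = 1 }
        in_vhost = 0
        next
    }
    in_vhost {
        for (i = 1; i <= n; i++)
            if (tolower($1) == tolower(req[i])) seen[req[i]] = 1
    }
    END { exit bad }
    ' "${1:--}"
}

# Constructed sample: addresses and certificate file names are placeholders.
demo_conf() {
    cat <<'EOF'
#SSLMutex "file:/opt/apache/logs/ssl_mutex"
<VirtualHost 192.0.2.10:443>
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /opt/apache/conf/ssl_cert/server.crt
SSLCertificateKeyFile /opt/apache/conf/ssl_cert/server.key
</VirtualHost>
<VirtualHost 192.0.2.11:443>
SSLEngine on
#SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /opt/apache/conf/ssl_cert/server.crt
</VirtualHost>
EOF
}

demo_conf | check_ssl_vhosts || true
```

On a Linux Web server, run the function against /opt/apache/conf/extra/httpd-ssl.conf; an empty result with exit status 0 means every active virtual host section carries all four declarations.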