Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
iconfalse
titleNote
Upgrading the Uptime Monitoring Station will overwrite the changes to httpd.conf, so when the upgrade is complete, be sure to update the httpd.conf file again.

Configuring SSL

To configure SSL browsing in the Uptime web interface, you must generate a server certificate, which identifies that server is using SSL for security, and perform some platform-specific configuration. The following steps will cover this process.

Generate or obtain a server certificate

You can purchase a recognized certificate from a vendor such as Verisign or Thawte.

...

Code Block
cd <openssl_dir>/bin 
openssl req -new -x509 -newkey rsa:4096 -nodes -out uptime_ssl_server.crt -keyout uptime_ssl_server.key

Working with wildcard certs / pfx certs

You'll need to pull key and crt files from the pfx first. To do this:

...

  1. Run the following command to export the private key:
    openssl pkcs12 -in certname.pfx -nocerts -out uptime_ssl_key.pem –nodes
  2. Run the following command to export the certificate:
    openssl pkcs12 -in certname.pfx -nokeys -out uptime_ssl_cert.pem
  3. Run the following command to remove the passphrase from the private key:
    openssl rsa -in uptime_ssk_key.pem -out uptime_ssl_server.key
  4. Run the following command to produce the cert file
    openssl pkcs12 -in certname.pfx -clcerts -nokeys -out uptime_ssl_server.crt

Move the files to the Uptime Infrastructure Monitor directory

Copy the following files to the <uptime_dir>/apache/conf directory where <uptime_dir> is the installation directory of Uptime (the default installation directory is C:\Program Files\uptime software\uptime on Windows and /usr/local/uptime on Linux).

    • uptime_ssl_server.key
    • uptime_ssl_server.crt

Update httpd.conf

The following changes to the web server configuration file (httpd.conf) will allow it to use SSL.

...

Code Block
languagexml
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!RC4:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
SSLHonorCipherOrder On
SSLSessionCache none

<VirtualHost *:80> 
 RewriteEngine on 
 RewriteCond %{SERVER_PORT} !^443$ 
 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] 
</VirtualHost> 

<VirtualHost *:443> 
 SSLEngine on 
 DocumentRoot "<uptime_dir>/GUI" 
 SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.crt" 
 SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_server.key" 
</VirtualHost> 

<VirtualHost *:9999> 
 RewriteEngine on 
 RewriteCond %{SERVER_PORT} !^443$ 
 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] 
</VirtualHost>

Update uptime.conf

Open the <uptime_dir>/uptime.conf file for editing and change the httpContext parameter (which begins with "httpContext=http://") to reflect the use of SSL:

Code Block
languagexml
httpContext=https://<Server_Hostname>:443

Restart the Uptime Web Server

For the changes to take effect, restart the Uptime Web Server on Windows or uptime_httpd on Linux. 

...