...
Note | ||||
---|---|---|---|---|
| ||||
Upgrading the Uptime Monitoring Station will overwrite the changes to httpd.conf, so when the upgrade is complete, be sure to update the httpd.conf file again. |
Configuring SSL
To configure SSL browsing in the Uptime web interface, you must generate a server certificate, which identifies that server is using SSL for security, and perform some platform-specific configuration. The following steps will cover this process.
Generate or obtain a server certificate
You can purchase a recognized certificate from a vendor such as Verisign or Thawte.
...
Code Block |
---|
cd <openssl_dir>/bin openssl req -new -x509 -newkey rsa:4096 -nodes -out uptime_ssl_server.crt -keyout uptime_ssl_server.key |
Working with wildcard certs / pfx certs
You'll need to pull key and crt files from the pfx first. To do this:
...
- Run the following command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out uptime_ssl_key.pem –nodes - Run the following command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out uptime_ssl_cert.pem - Run the following command to remove the passphrase from the private key:
openssl rsa -in uptime_ssk_key.pem -out uptime_ssl_server.key - Run the following command to produce the cert file
openssl pkcs12 -in certname.pfx -clcerts -nokeys -out uptime_ssl_server.crt
Move the files to the Uptime Infrastructure Monitor directory
Copy the following files to the <uptime_dir>/apache/conf directory where <uptime_dir> is the installation directory of Uptime (the default installation directory is C:\Program Files\uptime software\uptime on Windows and /usr/local/uptime on Linux).
- uptime_ssl_server.key
- uptime_ssl_server.crt
Update httpd.conf
The following changes to the web server configuration file (httpd.conf) will allow it to use SSL.
...
Code Block | ||
---|---|---|
| ||
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!RC4:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS SSLHonorCipherOrder On SSLSessionCache none <VirtualHost *:80> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> SSLEngine on DocumentRoot "<uptime_dir>/GUI" SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.crt" SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_server.key" </VirtualHost> <VirtualHost *:9999> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] </VirtualHost> |
Update uptime.conf
Open the <uptime_dir>/uptime.conf file for editing and change the httpContext parameter (which begins with "httpContext=http://") to reflect the use of SSL:
Code Block | ||
---|---|---|
| ||
httpContext=https://<Server_Hostname>:443 |
Restart the Uptime Web Server
For the changes to take effect, restart the Uptime Web Server on Windows or uptime_httpd on Linux.
...