Working with SSL

The SSL protocol provides several features that enable secure transmission of Web traffic. These features include data encryption, server authentication, and message integrity.

You can enable secure communication from web clients to the EventLog Analyzer server using SSL.

The steps provided describe how to enable SSL functionality and generate certificates only. Depending on your network configuration and security needs, you may need to consult outside documentation. For advanced configuration concerns, please refer to the SSL resources at http://www.apache.org and http://www.modssl.org




Stop the server, if it is running, and follow the steps below to enable SSL support:

Generating a valid certificate

1. If you have a keystore file for using HTTPS, place the file under <EventLog Analyzer Home>\server\default\conf directory and rename it as "chap8.keystore"
2. If you do not have the keystore file, please follow the steps to create the same.
• Open <EventLog Analyzer Home>\server\default\conf directory and execute the following command in the command prompt.
  "<EventLog Analyzer Home>\jre\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore chap8.keystore
• During the execution of the above command, it will prompt you for keystore password, enter "rmi+ssl" as password. See Note below.
• It will also prompt for 5 questions on first and last name, organizational unit, organization, city, state, country code.
• Fill in the fields and for confirmation type 'y' and press 'Enter'.
• Again press 'Enter' for password for tomcat.
  A file named 'chap8.keystore' will be created in the <EventLogAnalyzer Home>\server\default\conf directory.

Disabling HTTP

When you have enabled SSL, HTTP will continue to be enabled on the web server port (default 8080). To disable HTTP follow the steps below:

1. Edit the server.xml file present in <EventLog Analyzer_Home>/server/default/deploy/jbossweb-tomcat50.sar directory.
2. Comment out the HTTP connection parameters, by placing the <!-- tag before, and the --> tag after the following lines:
   

<!-- A HTTP/1.1 Connector on port 8400 --> <Connector port="8400" address="${jboss.bind.address}" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"/>

 

Enabling SSL

1. In the same file, enable the HTTPS connection parameters, by removing the <!-- tag before, and the --> tag after the following lines:
   
   

   <!-- <!-- SSL/TLS Connector configuration using the admin devl guide keystore --> <Connector port="8443" address="${jboss.bind.address}" maxThreads="100" minSpareThreads="5" maxSpareThreads="15" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" keystorePass="rmi+ssl" sslProtocol = "TLS" /> -->

 

While creating keystore file, you can enter the password as per your requirement. But ensure that the same password is configured, in the server.xml file. Example password is configured as rmi+ssl.

 

Configuring HTTPS Configuration Parameters for 64 bit/128 bit encryption

If you want to configure the HTTPS connection parameters for 64 bit/128 bit encryption, add the following parameter at the end of the SSL/TLS Connector tag:

SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"

Verifying SSL Setup

1. Restart the EventLog Analyzer server.
2. Verify that the following message appears:
   

   Server started.

   Please connect your client at http://localhost:8400

3. Connect to the server from a web browser by typing https://<hostname>:8763 where <hostname> is the machine where the server is running