Working with SSL


 

The SSL protocol provides several features that enable secure transmission of Web traffic. These features include data encryption, server authentication, and message integrity.

 

You can enable secure communication from web clients to the NetFlow Analyzer server using SSL.

 

Note: The steps provided describe only how to enable SSL functionality and generate certificates. Depending on your network configuration and security needs, you may need to consult outside documentation. For advanced configuration concerns, please refer to the SSL resources at http://www.apache.org and http://www.modssl.org.

 

Stop the server, if it is running, and follow the steps below to enable SSL support:

Generating a valid certificate

  1. Generate the encryption certificate and name the file server.keystore.
  2. Copy the generated server.keystore file to the <NetFlowAnalyzer_Home>/conf directory.

Disabling HTTP

After you enable SSL, HTTP remains enabled on the web server port (default 8090). To disable HTTP, follow the steps below:

  1. Edit the server.xml file in the <NetFlowAnalyzer_Home>/server/default/deploy/jbossweb-tomcat50.sar directory.
  2. Comment out the HTTP connection parameters by placing the <!-- tag before, and the --> tag after, the following lines:
    <!-- A HTTP/1.1 Connector on port 8090 -->
    <Connector port="8090" address="${jboss.bind.address}"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="8493" acceptCount="100"
    connectionTimeout="20000" disableUploadTimeout="true"/>

Enabling SSL

  1. In the same file, enable the HTTPS connection parameters by removing the <!-- tag before, and the --> tag after, the following lines:
    <!-- SSL/TLS Connector configuration using the admin devl guide keystore
    <Connector port="8493" address="${jboss.bind.address}"
    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    keystorePass="rmi+ssl" sslProtocol = "TLS" />
    -->
     
  2. Replace the default values for the following parameters as follows:
    Default Value: keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    New Value:     keystoreFile="${jboss.server.home.dir}/conf/server.keystore"

    Default Value: keystorePass="rmi+ssl"
    New Value:     keystorePass="pqsecured"

Changing the web server port

  1. Edit the sample-bindings.xml file in the <NetFlowAnalyzer_Home>/server/default/conf directory.
  2. Replace the default values for the following parameters as follows:
    Default Value: <xsl:variable name="portHttps" select="$port + 363"/>
    New Value:     <xsl:variable name="portHttps" select="8493"/>

    Default Value: </delegate-config>
                   <binding port="8090"/>
                   </service-config>
    New Value:     </delegate-config>
                   <binding port="8493"/>
                   </service-config>

Verifying SSL Setup

  1. Restart the NetFlow Analyzer server.
  2. Verify that the following message appears:

    Server started.

    Please connect your client at http://localhost:8493

  3. Connect to the server from a web browser by typing https://<hostname>:8493, where <hostname> is the name of the machine on which the server is running.
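
The check below is an added example, not part of the original NetFlow Analyzer documentation. It parses an edited server.xml and reports any connector that is still non-TLS, or that still uses the sample chap8.keystore or rmi+ssl values from the steps above. The embedded XML is a constructed sample and the function name audit_connectors is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of server.xml after the edits above (not from a real install).
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <!-- A HTTP/1.1 Connector on port 8090
    <Connector port="8090" address="${jboss.bind.address}"
      enableLookups="false" redirectPort="8493" acceptCount="100"/>
    -->
    <Connector port="8493" address="${jboss.bind.address}"
      scheme="https" secure="true" clientAuth="false"
      keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
      keystorePass="pqsecured" sslProtocol="TLS"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return findings for the <Connector> elements that are actually active."""
    try:
        # ElementTree discards comments, so commented-out connectors are skipped.
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"server.xml is not well-formed: {exc}"]
    findings, https_seen = [], False
    for conn in root.iter("Connector"):
        port = conn.get("port")
        if conn.get("scheme") != "https":
            findings.append(f"non-TLS connector still active on port {port}")
            continue
        https_seen = True
        if conn.get("secure") != "true":
            findings.append(f"port {port}: secure is not set to true")
        if conn.get("keystoreFile", "").endswith("chap8.keystore"):
            findings.append(f"port {port}: still points at the sample chap8.keystore")
        if conn.get("keystorePass") == "rmi+ssl":
            findings.append(f"port {port}: still uses the sample keystore password")
    if not https_seen:
        findings.append("no HTTPS connector is enabled")
    return findings


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE_SERVER_XML) or ["no findings"]:
        print(line)
```

Run it against the real file by passing the contents of server.xml to audit_connectors before restarting the server; an empty list means only the HTTPS connector is active and it no longer uses the sample keystore values.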
Copyright © 2012, ZOHO Corp. All Rights Reserved.