The HTTPS protocol provides several features that enable secure transmission of web traffic. These features include data encryption, server authentication, and message integrity. You can enable secure communication between the web clients and the EventLog Analyzer server using HTTPS.
The steps given below describe the procedure to manually set up HTTPS. To configure HTTPS using the HTTPS configuration tool, refer to the connection settings page.
Note: The steps provided describe how to enable HTTPS functionality and generate certificates only. Depending on your network configuration and security needs, you may need to consult outside documentation. For advanced configuration concerns, please refer to the HTTPS resources at https://www.apache.org
Procedure to manually set up HTTPS
Use the existing keystore file to configure HTTPS
Stop the EventLog Analyzer server/service, if it is running.
If you have a keystore file to configure HTTPS, place the file under the <EventLog Analyzer Home>/server/conf directory and rename it as "chap8.keystore".
You can export the wildcard certificate to a .pfx file and then follow the instructions given below to configure it in EventLog Analyzer.
Firstly, it is considered best practice to take a backup of the existing server.xml file. This can be restored if any error or misconfiguration takes place when editing the file.
Stop ManageEngine EventLog Analyzer service.
Copy the .pfx file to the location <EventLog Analyzer Home>/conf
Go to the location <EventLog Analyzer Home>/conf and open the file server.xml in a text editor, and locate the entries in the file as below:
Note: The absolute path of keytool should be in double quotes
When you execute the above command, it prompts for the keystore password. Enter the password; in our case, 'eventlog'.
Enter the answers for the six questions:
first and last name
organizational unit
organization
city
state
country code
For confirmation, type 'y' and press the 'Enter' key.
Press the 'Enter' key again when prompted for the password for Tomcat. A keystore file named 'chap8.keystore' will be created in the <EventLog Analyzer Home>/server/conf location.
Step 2: Generate a CSR from the new keystore
If you want to create the Certificate Signing Request (CSR) from your Keystore using the keytool, in the command prompt go to <EventLog Analyzer Home>/jre/bin and execute the following command
Type the keystore password that you assigned earlier and press the 'Enter' key.
Your CSR file named csr.txt is now created in your current directory. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the Certifying Authority (CA) web order form. Take care to keep the keystore file (chap8.keystore) safe, as your certificates will be installed to it later.
Step 3: How to install the HTTPS Certificate
Download your certificate files from the CA's email to the directory where your keystore (chap8.keystore) was saved during the CSR creation process. The certificate must be installed to this exact keystore. If you try to install it to a different keystore, it will not work. The certificates you downloaded must be installed to your keystore in the correct order for your certificate to be trusted. If the certificates are not installed in the correct order, the certificate will not authenticate properly.
Install the Root Certificate file:
Each time you install a certificate to your keystore, you will be prompted for the keystore password, which you assigned while generating your CSR.
In the command prompt go to <EventLog Analyzer Home>/jre/bin and execute the following command to install the Root certificate file:
Note: Choose 'Yes' if you get prompted with a message that says "Certificate already exists in system-wide CA keystore under alias <entrustHTTPSca> Do you still want to add it to your own keystore? [no]:" You will get a confirmation stating that the "Certificate was added to keystore".
Install the intermediate certificates if any. (Follow the instructions provided by the CA)
Install the Primary Certificate file:
In the command prompt go to <EventLog Analyzer Home>/jre/bin and execute the following command to install the Primary certificate file:
This time you will get a different confirmation stating that the 'Certificate reply was installed in keystore'. If it asks if you want to trust the certificate, choose 'y' or 'yes'.
Your certificates are now installed to your keystore file (keystore.key) and you just need to configure your server to use the keystore file.
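The installation order described above can be checked from a verbose keystore listing. The following is an added example, not ManageEngine's own code: it parses the text produced by `keytool -list -v -keystore chap8.keystore` and reports whether the key entry carries a complete chain from the server certificate up to a self-signed root. The alias `tomcat` and all certificate names in the sample listings are assumptions constructed for illustration.

```python
import re

# Constructed, abridged `keytool -list -v` output; alias and names are made up.
COMPLETE = """Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=ela.example.com, O=Example Corp
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""
SELF_SIGNED = """Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ela.example.com, O=Example Corp
Issuer: CN=ela.example.com, O=Example Corp
"""

def check_chain(listing, alias):
    """Return a list of problems for `alias`; an empty list means the chain is complete."""
    entries = [e for e in listing.split("Alias name: ") if e.splitlines()[:1] == [alias]]
    if not entries:
        return [f"alias {alias!r} not found in keystore listing"]
    entry = entries[0]
    problems = []
    if "Entry type: PrivateKeyEntry" not in entry:
        problems.append("not a PrivateKeyEntry: reply was imported under another alias or keystore")
    # Each certificate contributes one Owner/Issuer pair, leaf certificate first.
    chain = list(zip(re.findall(r"(?m)^Owner: (.+)$", entry),
                     re.findall(r"(?m)^Issuer: (.+)$", entry)))
    if not chain:
        return problems + ["no certificates listed for this alias"]
    if len(chain) == 1 and chain[0][0] == chain[0][1]:
        return problems + ["self-signed key pair only: CA reply not installed yet"]
    for i in range(len(chain) - 1):
        if chain[i][1] != chain[i + 1][0]:
            problems.append(f"certificate {i + 1} issuer does not match certificate {i + 2} owner")
    if chain[-1][0] != chain[-1][1]:
        problems.append("chain does not end at a self-signed root certificate")
    return problems

if __name__ == "__main__":
    for name, text in (("complete", COMPLETE), ("self-signed", SELF_SIGNED)):
        print(name, "->", check_chain(text, "tomcat") or "OK")
```

A listing that still shows a chain length of 1 with matching Owner and Issuer means the server would present the self-signed certificate generated with the keystore, not the CA-issued one.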
If the certificate is from the internal domain, add the internal CA's root certificate to the list of trusted CAs in the Java cacerts file by executing the following command:
Note: Open the .cer file to get the name of your internal CA and provide 'changeit' as the keystore password when prompted.
Enabling and disabling HTTPS
Log in to the EventLog Analyzer web console as an administrator.
Navigate to Settings > System Settings > Connection Settings > General settings.
Use the checkbox next to Enable SSL [HTTPS] to enable or disable HTTPS.
Verify HTTPS Setup
Restart the EventLog Analyzer server.
Verify that the following message appears in the command window after the EventLog Analyzer application is started:
Server started.
Please connect your client at https://localdevice:8400
Connect to the server from a web browser by typing https://<devicename>:8400 where <devicename> is the machine where the server is running.
Configure HTTPS Parameters for 64 bit/128 bit encryption
If you want to configure the HTTPS connection parameters for 64 bit/128 bit encryption, edit the server.xml file present in <EventLog Analyzer Home>/conf directory. Add the following parameter at the end of the HTTPS/TLS Connector tag: