Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Automatic Operation Configuration Guide


1.6.3 Procedure to enable HTTPS connections

Set up the httpsd.conf file, and then store the private key file and SSL server certificate file in the specified folder to enable HTTPS connections on the Web server.

Before you begin

To enable HTTPS connections:

  1. Change the settings in the httpsd.conf file so that HTTPS connections can be used.

    The httpsd.conf file is stored in the following folder:

    Common-Component-installation-folder\httpsd\conf

    In the httpsd.conf file, the directives to use HTTPS connections are commented out by default, and use of HTTP connections is specified. To enable HTTPS connections, change the httpsd.conf file as follows:

    • Comment out the directives that are not necessary for HTTPS connections.

    • Add the directives necessary for HTTPS connections.

    • Enable the directives that are necessary for HTTPS connections and that are commented out by default.

    Tip

    In the httpsd.conf file, lines that begin with a hash mark (#) are treated as comment lines. Deleting # at the beginning of a line allows the line to function as a directive.

    The following shows the settings in the httpsd.conf file after JP1/AO is installed (HTTP connections are used), and the settings in the httpsd.conf file that are changed to use HTTPS connections. In the following example, default port numbers are used: 23015 for HTTP connections and 23016 for HTTPS connections.

    Settings of the httpsd.conf file for using HTTP connections (default)
    Listen 23015
    Listen [::]:23015
    SSLDisable
    
    SSLSessionCacheSize 0
    #Listen 23016
    #Listen [::]:23016
    #<VirtualHost *:23016>
    #  ServerName JP1/AO-server-name-or-IP-address
    #  SSLEnable
    #  SSLProtocol SSLv3 TLSv1
    #  SSLRequiredCiphers AES256-SHA:AES128-SHA:DES-CBC3-SHA
    #  SSLRequireSSL
    #  SSLCertificateFile "Common-Component-installation-folder/httpsd/conf/ssl/server/httpsd.pem"
    #  SSLCertificateKeyFile "Common-Component-installation-folder/httpsd/conf/ssl/server/httpsdkey.pem"
    #  SSLCACertificateFile "Common-Component-installation-folder/httpsd/conf/ssl/cacert/anycert.pem"
    #  SSLSessionCacheTimeout 3600
    #</VirtualHost>
    
    Settings of the httpsd.conf file for using HTTPS connections (after the change)
    #Listen 23015  #1
    #Listen [::]:23015  #1
    Listen 127.0.0.1:23015  #2
    SSLDisable

    SSLSessionCacheSize 0
    Listen 23016  #3
    Listen [::]:23016  #3
    <VirtualHost *:23016>  #3
      ServerName JP1/AO-server-name-or-IP-address  #3
      SSLEnable  #3
      SSLProtocol SSLv3 TLSv1  #3 #4
      SSLRequiredCiphers AES256-SHA:AES128-SHA:DES-CBC3-SHA  #3
      SSLRequireSSL  #3
      SSLCertificateFile "Common-Component-installation-folder/httpsd/conf/ssl/server/httpsd.pem"  #3
      SSLCertificateKeyFile "Common-Component-installation-folder/httpsd/conf/ssl/server/httpsdkey.pem"  #3
    #  SSLCACertificateFile "Common-Component-installation-folder/httpsd/conf/ssl/cacert/anycert.pem"  #5
      SSLSessionCacheTimeout 3600  #3
    </VirtualHost>  #3
    
    #1

    This directive is not necessary for using HTTPS connections. Add # at the beginning of the line to comment out the line.

    #2

    Add this line as a directive necessary for using HTTPS connections.

    #3

    This directive is necessary for using HTTPS connections. Delete # at the beginning of the line to enable the line.

    #4

    Specify "TLSv11 TLSv12" for the SSLProtocol directive. Doing so allows only connections that use TLS 1.1 or TLS 1.2.

    #5

    This directive is necessary when the SSL server certificate used for HTTPS connections was issued by a chained CA. If necessary, delete # at the beginning of the line to enable the line.

    Tip

    The SSL server certificate file and private key file can be stored not only in the Common-Component-installation-folder, but also in any folder specified in the httpsd.conf file. Do not include junctions or symbolic links in the specified folder.

  2. For the SSLCertificateFile directive, specify the location of the SSL server certificate file by using an absolute path.

    Store the SSL server certificate file in the path specified by the SSLCertificateFile directive in the httpsd.conf file.

  3. For the SSLCertificateKeyFile directive, specify the location of the private key file by using an absolute path.

    Store the private key file in the path specified by the SSLCertificateKeyFile directive in the httpsd.conf file.

  4. If you want to use an SSL server certificate file issued by a chained CA, use the SSLCACertificateFile directive to specify the location of the chained CA certificate file by using an absolute path.

  5. Execute the hcmdsfwcancel command to register firewall exceptions.

  6. Start the JP1/AO service.

    For non-cluster systems:

    Execute the hcmdssrv command with the /start option specified.

    For cluster systems:

    Use the cluster software to bring the service online.

  7. Update the URL information used for establishing a connection from the Web browser to the JP1/AO server.

    Execute the hcmdschgurl command in the command prompt to update the URL information.

    For the URL, specify the host name or the IP address that is specified for the SSL server certificate.
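
The following check is an added example, not part of the Hitachi manual or of JP1/AO. It audits the text of an httpsd.conf file against the changes in step 1 (plain HTTP bound only to 127.0.0.1, SSLRequireSSL present, no SSLv3 or TLSv1 in SSLProtocol as described in note #4) and the absolute-path requirement in steps 2 and 3. The function name, the finding texts and the sample paths are assumptions made for the example.

```python
from pathlib import PureWindowsPath

def audit_httpsd_conf(text):
    """Return findings for an httpsd.conf passed as a string (empty list = OK)."""
    listens, vhosts, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # '#' lines are inactive comments
            continue
        if line.lower().startswith("<virtualhost"):
            vhosts.append(current := {"port": line.rstrip(">").rpartition(":")[2]})
        elif line.lower().startswith("</virtualhost"):
            current = None
        else:
            name, _, arg = line.partition(" ")
            if current is not None:             # directive inside a VirtualHost
                current[name.lower()] = arg.strip().strip('"')
            elif name.lower() == "listen":      # "23015", "[::]:23015", "ip:port"
                host, _, port = arg.strip().rpartition(":")
                listens.append((host, port))
    tls = [v for v in vhosts if "sslenable" in v]
    findings = [] if tls else ["no active VirtualHost with SSLEnable"]
    for host, port in listens:
        if host != "127.0.0.1" and port not in {v["port"] for v in tls}:
            findings.append(f"plain HTTP reachable on {host or '*'}:{port}")
    for v in tls:
        if "sslrequiressl" not in v:
            findings.append(f"port {v['port']}: SSLRequireSSL missing")
        weak = {"SSLv3", "TLSv1"} & set(v.get("sslprotocol", "").split())
        if weak:
            findings.append(f"port {v['port']}: SSLProtocol allows {sorted(weak)}")
        for key in ("sslcertificatefile", "sslcertificatekeyfile"):
            if not PureWindowsPath(v.get(key, "")).is_absolute():
                findings.append(f"port {v['port']}: {key} is not an absolute path")
    return findings

SAMPLE = """\
# Constructed sample: the page's changed settings with placeholder paths
#Listen 23015
Listen 127.0.0.1:23015
Listen 23016
<VirtualHost *:23016>
  SSLEnable
  SSLProtocol SSLv3 TLSv1
  SSLRequireSSL
  SSLCertificateFile "C:/example/httpsd/conf/ssl/server/httpsd.pem"
  SSLCertificateKeyFile "C:/example/httpsd/conf/ssl/server/httpsdkey.pem"
</VirtualHost>
"""
print(audit_httpsd_conf(SAMPLE))
```

The sample keeps the SSLProtocol value shown in the changed settings, so the audit reports it; with the value from note #4 the same file passes.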
