1.6.3 Procedure to enable HTTPS connections
Set up the user_httpsd.conf file, and then store the private key file and SSL server certificate file in the specified folder to enable HTTPS connections on the Web server.
Before you begin
- Log in to the JP1/AO server as a user with administrator or root permissions.
- Stop the JP1/AO service.
  - For non-cluster systems: Execute the hcmds64srv command with the stop option specified.
  - For cluster systems: Use the cluster software to bring the service offline.
- Check the path of the SSL server certificate to be imported.
- Check the path of the truststore file.
  - In Windows: Common-Component-installation-folder\uCPSB\jdk\jre\lib\security\jssecacerts
  - In Linux: Common-Component-installation-folder/uCPSB/jdk/jre/lib/security/jssecacerts
- If a truststore already exists, check the access password for the truststore.
To enable HTTPS connections:
- Change the settings in the user_httpsd.conf file to enable HTTPS connections.
  The user_httpsd.conf file is stored in the following folder:
  - If the OS of the JP1/AO server is Windows: Common-Component-installation-folder\uCPSB\httpsd\conf
  - If the OS of the JP1/AO server is Linux: /opt/HiCommand/Base64/uCPSB/httpsd/conf
  Change the settings in the user_httpsd.conf file as follows:
  - Delete the leading hash marks (#) from the Listen directive lines on which the port number used for HTTPS connections is specified, and from the lines that follow up to the </VirtualHost> line, except for the SSLECCCertificateKeyFile, SSLECCCertificateFile, and SSLCACertificateFile directive lines.
  - To disable all connections other than HTTPS connections, further change the settings as follows:
    • Add a hash mark (#) at the beginning of the Listen and Listen [::]: directive lines on which the port number used for HTTP connections is specified, to comment out the lines.
    • Delete the hash mark (#) at the beginning of the Listen 127.0.0.1: directive line.
The following shows the initial settings (for HTTP connections) of the user_httpsd.conf file as they exist immediately after JP1/AO is installed, and the settings of that file after they are changed to use HTTPS connections. In the following example, the default port numbers are used: 22015 for HTTP connections and 22016 for HTTPS connections.
Settings in the user_httpsd.conf file specified to use HTTP connections (initial settings):
ServerName host-name
Listen 22015
Listen [::]:22015
#Listen 127.0.0.1:22015
SSLDisable
#Listen 22016
#Listen [::]:22016
#<VirtualHost *:22016>
# ServerName host-name
# SSLEnable
# SSLProtocol TLSv12
# SSLRequiredCiphers AES256-SHA256:AES256-SHA:AES128-SHA256:AES128-SHA:DES-CBC3-SHA
# SSLRequireSSL
# SSLCertificateKeyFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/httpsdkey.pem"
# SSLCertificateFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/httpsd.pem"
# SSLECCCertificateKeyFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/ecc-httpsdkey.pem"
# SSLECCCertificateFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/ecc-httpsd.pem"
# SSLCACertificateFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/cacert/anycert.pem"
#</VirtualHost>
#HWSLogSSLVerbose On

Settings in the user_httpsd.conf file specified to use HTTPS connections (changed settings):
ServerName host-name
#Listen 22015
#Listen [::]:22015
Listen 127.0.0.1:22015
SSLDisable
Listen 22016
Listen [::]:22016
<VirtualHost *:22016>
 ServerName host-name
 SSLEnable
 SSLProtocol TLSv12
 SSLRequiredCiphers AES256-SHA256:AES256-SHA:AES128-SHA256:AES128-SHA:DES-CBC3-SHA
 SSLRequireSSL
 SSLCertificateKeyFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/httpsdkey.pem"
 SSLCertificateFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/httpsd.pem"
# SSLECCCertificateKeyFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/ecc-httpsdkey.pem"
# SSLECCCertificateFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/ecc-httpsd.pem"
# SSLCACertificateFile "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/cacert/anycert.pem"
</VirtualHost>
#HWSLogSSLVerbose On
- Start the JP1/AO service.
  - For non-cluster systems: Execute the hcmds64srv command with the start option specified.
  - For cluster systems: Use the cluster software to bring the service online.
- Update the URL information used for establishing a connection from the Web browser to the JP1/AO server.
  Execute the hcmds64chgurl command in the command prompt to update the URL information.
  For the URL, specify the host name or the IP address that is specified for the SSL server certificate.
  If the OS of the JP1/AO server is Windows, change the URL of the shortcut file to the page displayed by performing the following operation:
  From the Start menu, select All Programs, JP1_Automatic Operation, and then JP1_AO Login.
Important
If the connection between the Web browser and JP1/AO is configured incorrectly, the HBase 64 Storage Mgmt Web Service might fail to start, preventing the JP1/AO login window from appearing.
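The HTTPS-only layout this procedure describes can be checked against the active (uncommented) directives before the service is started. The following Python code is an added example, not part of the JP1/AO documentation or product: the audit function, its messages, and the 3DES flag are assumptions of this example, and SAMPLE is constructed from the changed settings shown above with the commented ECC and CA lines omitted.

```python
# Added example: audit the active directives of a user_httpsd.conf body.
# SAMPLE is constructed from the "changed settings" on this page.
BASE = "Common-Component-installation-folder/uCPSB/httpsd/conf/ssl/server/"
SAMPLE = f"""ServerName host-name
#Listen 22015
#Listen [::]:22015
Listen 127.0.0.1:22015
SSLDisable
Listen 22016
Listen [::]:22016
<VirtualHost *:22016>
 ServerName host-name
 SSLEnable
 SSLProtocol TLSv12
 SSLRequiredCiphers AES256-SHA256:AES256-SHA:AES128-SHA256:AES128-SHA:DES-CBC3-SHA
 SSLRequireSSL
 SSLCertificateKeyFile "{BASE}httpsdkey.pem"
 SSLCertificateFile "{BASE}httpsd.pem"
</VirtualHost>
"""

def audit(conf_text, http_port="22015", https_port="22016"):
    """Return findings for the HTTPS-only layout described in this section."""
    listens, vhost, in_vhost = [], {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a leading hash mark makes the directive inactive
        key, _, value = line.partition(" ")
        if key == "<VirtualHost":
            in_vhost = value.rstrip(">").strip().endswith(":" + https_port)
        elif key == "</VirtualHost>":
            in_vhost = False
        elif key == "Listen":
            host, _, port = value.strip().rpartition(":")
            listens.append((host, port))  # host is "" for "Listen <port>"
        elif in_vhost:
            vhost[key] = value.strip().strip('"')
    findings = []
    if not any(port == https_port for _, port in listens):
        findings.append(f"no active Listen for HTTPS port {https_port}")
    for host, port in listens:
        if port == http_port and host != "127.0.0.1":
            findings.append(f"HTTP port {http_port} reachable on {host or 'all addresses'}")
    if ("127.0.0.1", http_port) not in listens:
        findings.append(f"Listen 127.0.0.1:{http_port} is not active")
    for needed in ("SSLEnable", "SSLRequireSSL", "SSLCertificateKeyFile", "SSLCertificateFile"):
        if needed not in vhost:
            findings.append(f"{needed} missing from <VirtualHost *:{https_port}>")
    for cipher in vhost.get("SSLRequiredCiphers", "").split(":"):
        if "DES-CBC3" in cipher:  # 3DES, a 64-bit block cipher (added hardening check)
            findings.append(f"legacy cipher offered: {cipher}")
    return findings
```

For the sample, the only finding is the DES-CBC3-SHA entry in SSLRequiredCiphers; the same function run over the initial settings reports the exposed HTTP listeners and the inactive HTTPS virtual host.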