3.12.2 Procedure for setting up server certificates for SSL communication on the smart device manager
Set up the server certificate for SSL communication and private key on the smart device manager.
Procedure
-
Store the server certificate for SSL communication and private key in the following folder:
JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder\mgr\uC\httpsd\conf\ssl\server
-
Add the definitions to the httpsd.conf file.
The httpsd.conf file is stored in the following location:
JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder\mgr\uC\httpsd\conf
Add the following lines and comment out the lines described below.
ServerName localhost or host-name #--Omitted-- Listen 26080 <VirtualHost localhost or host-name:26080> <Location /jp1itdm2sdm> Allow from all </Location> </VirtualHost> Listen 26056 <VirtualHost localhost:26056> <Location /rest> Allow from command </Location> </VirtualHost> #--Uncomment out the following lines-- Listen 26055 <VirtualHost host-name:26055> SSLEnable SSLProtocol TLSv1 TLSv11 TLSv12 SSLCertificateFile "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/server/newcert.pem" SSLCertificateKeyFile "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/server/newkeyRSA.pem" #SSLCertificateKeyPassword "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/server/.keypasswd" LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so <Location /server01/api/v1.0> ProxyPass http://localhost:26057/rest/itdmsdapi Allow from all </Location> <Location /server01/api/version> ProxyPass http://localhost:26057/rest/itdmsdapi/version Allow from all </Location> </VirtualHost> Listen 26057 <VirtualHost localhost:26057> <Location /rest> Allow from all </Location> </VirtualHost> #--End of the change-- Include "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/CC/web/redirector/mod_jk.conf"
- Legend:
-
httpsd.pem: Server certificate file name (PEM format)
httpsdkey.pem: Private key file name (PEM format)
.keypasswd: Password file name
- Important
-
When operating with the server certificate issued by the chained CA, this directive sets the certificate of chained CA. By combining multiple certificate files, you can mix multiple certificates into one file.
- Example
-
SSLCACertificateFile "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/cacert/anycert.pem"
- Important
-
If you set a password when creating the private key for the Web server, you need to create a password file by using the sslpasswd.bat command, and then set the SSLCertificateKeyPassword directive.
- Important
-
In the case that you use the Management Console from computers other than the computer you installed Smart Device Manager, modify the httpsd.conf file by the following steps.
-
Open the httpsd.conf file by editor.
The httpsd.conf file exists in the following directory.
installation directory of JP1/IT Desktop Management 2 -
Smart Device Manager (Smart Device Manager)\mgr\uC\httpsd\conf
-
Replace the keyword "localhost" with the hostname or IP address of Smart Device Manager. The relevant locations are as follows.
"localhost"
"ServerName"
-
Add the hostname or IP Address of Smart Device Manger with ":" and the port number, After the keyword "VirtualHost". The relevant location is as follow.
"<VirtualHost localhost:26080>".
Furthermore, if you add a hostname assigned multiple IP addresses, the first IP
address resolved from the hostname is allowed to connect.
-
Restart the service JP1/ITDM2 - Smart Device Manager Web Server of JP1/IT Desktop Management 2 - Smart Device Manager.
-
Related Topics