Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 - Smart Device Manager


3.12.2 Procedure for setting up server certificates for SSL communication on the smart device manager

Set up the server certificate for SSL communication and private key on the smart device manager.

Procedure

  1. Store the server certificate for SSL communication and private key in the following folder:

    JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder\mgr\uC\httpsd\conf\ssl\server

  2. Add the definitions to the httpsd.conf file.

    The httpsd.conf file is stored in the following location:

    JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder\mgr\uC\httpsd\conf

    Add the following lines and comment out the lines described below.

    ServerName localhost or host-name
     
    #--Omitted--
    Listen 26080
    <VirtualHost localhost or host-name:26080>
    <Location /jp1itdm2sdm>
         Allow from all
    </Location>
    </VirtualHost>
     
    Listen 26056
    <VirtualHost localhost:26056>
    <Location /rest>
         Allow from command
    </Location>
    </VirtualHost>
     
    #--Uncomment out the following lines--
    Listen 26055
    <VirtualHost host-name:26055>
        SSLEnable
        SSLProtocol TLSv1 TLSv11 TLSv12
        SSLCertificateFile "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/server/newcert.pem" 
        SSLCertificateKeyFile "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/server/newkeyRSA.pem" 
        #SSLCertificateKeyPassword "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/server/.keypasswd" 
        LoadModule proxy_module modules/mod_proxy.so
        LoadModule proxy_http_module modules/mod_proxy_http.so
        <Location /server01/api/v1.0>
            ProxyPass http://localhost:26057/rest/itdmsdapi
            Allow from all
        </Location>
        <Location /server01/api/version>
            ProxyPass http://localhost:26057/rest/itdmsdapi/version
            Allow from all
        </Location>
    </VirtualHost>
     
    Listen 26057
    <VirtualHost localhost:26057>
    <Location /rest>
         Allow from all
    </Location>
    </VirtualHost>
    #--End of the change--
     
    Include "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/CC/web/redirector/mod_jk.conf"
    Legend:

    httpsd.pem: Server certificate file name (PEM format)

    httpsdkey.pem: Private key file name (PEM format)

    .keypasswd: Password file name

    Important

    When operating with the server certificate issued by the chained CA, this directive sets the certificate of chained CA. By combining multiple certificate files, you can mix multiple certificates into one file.

    Example

    SSLCACertificateFile "JP1/ITDM2 - SDM (Smart Device Manager)-installation-folder/mgr/uC/httpsd/conf/ssl/cacert/anycert.pem"

    Important

    If you set a password when creating the private key for the Web server, you need to create a password file by using the sslpasswd.bat command, and then set the SSLCertificateKeyPassword directive.

    Important

    In the case that you use the Management Console from computers other than the computer you installed Smart Device Manager, modify the httpsd.conf file by the following steps.

    1. Open the httpsd.conf file by editor.

      The httpsd.conf file exists in the following directory.

      installation directory of JP1/IT Desktop Management 2 -

      Smart Device Manager (Smart Device Manager)\mgr\uC\httpsd\conf

    2. Replace the keyword "localhost" with the hostname or IP address of Smart Device Manager. The relevant locations are as follows.

      "localhost"

      "ServerName"

    3. Add the hostname or IP Address of Smart Device Manger with ":" and the port number, After the keyword "VirtualHost". The relevant location is as follow.

      "<VirtualHost localhost:26080>".

      Furthermore, if you add a hostname assigned multiple IP addresses, the first IP

      address resolved from the hostname is allowed to connect.

    4. Restart the service JP1/ITDM2 - Smart Device Manager Web Server of JP1/IT Desktop Management 2 - Smart Device Manager.

Related Topics