article Implementing SSL for the Web Interface

Version of up.time affected Affected Platforms
All All

Configuring SSL

To configure SSL browsing in the up.time web interface, you must generate a server certificate, which identifies that server is using SSL for security, and perform some platform-specific configuration. The following steps will cover this process.

  1. Generate or obtain a server certificate.
  2. You can purchase a recognized certificate from a vendor such as Verisign or Thawte.

    Alternately, you can generate your own non-recognized certificate. A non-recognized certificate is one that does not come from a certificate-issuing authority. To generate a non-recognized certificate, download and install the OpenSSL software. OpenSSL binaries for Windows can be obtained from Shining Light Productions.

    Once OpenSSL is installed, enter the following commands (changing <openssl_dir> to the proper path for the OpenSSL installation directory) at the command line to generate the certificate key. The example uses 1024 bit encryption; if required, you can increase to your preferred value:

    cd <openssl_dir>/bin
    openssl genrsa -des3 -out uptime_ssl_server.key 1024
    openssl req -new -key uptime_ssl_server.key -out uptime_ssl_server.csr
    openssl x509 -req -days 365 -in uptime_ssl_server.csr -signkey 
       uptime_ssl_server.key -out uptime_ssl_server.crt

  3. Create a passphrase file.
  4. Create a passphrase file containing your SSL server password specified in the previous step. The up.time Web Server will require the password each time it restarts but a passphrase file will automate the request, so user intervention is not necessary.

    Windows:
    Open notepad and enter the following line where <your_SSL_server_password> is the password for your generated certificate keys.

    @echo <your_SSL_server_password>

    Save the file as passphrase.cmd.

    Linux:
    Open vim and enter the following lines; <your_SSL_server_password> is the password for your generated certificate keys.

    #!/bin/bash

    echo "<your_SSL_server_password>"

    Save the file as passphrase.cmd.

    Make the file executable.

    chmod +x passphrase.cmd

  5. Move the files to the up.time directory.
  6. Copy the following files to the <uptime_dir>/apache/conf directory where <uptime_dir> is the installation directory of up.time (the default installation directory is C:\Program Files\uptime software\uptime on Windows and /usr/local/uptime on Linux).

    • uptime_ssl_server.key
    • uptime_ssl_server.crt
    • passphrase.cmd

  7. Update httpd.conf.
  8. The following changes to the web server configuration file (httpd.conf) will allow it to use SSL.

    Open <uptime_dir>/apache/conf/httpd.conf for editing. Where <uptime_dir> appears below, change it to reflect the directory where you have up.time installed (ex. c:/Program Files/uptime software/uptime). All path slashes in httpd.conf need to be forward slashes (rather than the usual backslash that is used in Windows).

    To make browsing to the up.time UI easy for users, have it listen on the default up.time UI port, 9999, as well as the typical HTTP and HTTPS ports, 80 and 443.
    Above the line "Listen 9999", add the following two lines:

    Listen 80
    Listen 443

    To handle requests on each of these ports, 80, 443, and 9999, and redirect (actually rewrite) them properly, we will leverage the mod_rewrite.so module, so we need to enable it. In the httpd.conf file, uncomment the following two lines.

    LoadModule rewrite_module modules/mod_rewrite.so

    LoadModule ssl_module/mod_ssl.so


    NOTE: On Linux installations of up.time 7.2 and earlier, the mod_rewrite.so file is not bundled with up.time, so it is necessary to download it from the bottom of this article and copy it to the <uptime_dir>/apache/modules directory.
    Then, in httpd.conf, add the "LoadModule rewrite_module modules/mod_rewrite.so" line after "# LoadModule foo_module modules/mod_foo.so". If issues are experienced with the version of mod_rewrite.so attached, try creating a symlink to the mod_rewrite.so file provided by the Linux distribution instead.

    Finally, the last part is to add entries in httpd.conf that will rewrite the requests as HTTPS. At the bottom of the httpd.conf file, add these lines, changing <uptime_dir> to the directory of your up.time installation:

    SSLMutex default
    SSLPassPhraseDialog "exec:<uptime_dir>/apache/conf/passphrase.cmd"
    SSLSessionCache none

    <VirtualHost *:80>
     RewriteEngine on
     RewriteCond %{SERVER_PORT} !^443$
     RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
    </VirtualHost>

    <VirtualHost *:443>
     SSLEngine on
     DocumentRoot "<uptime_dir>/GUI"
     SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.crt"
     SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_server.key"
    </VirtualHost>

    <VirtualHost *:9999>
     RewriteEngine on
     RewriteCond %{SERVER_PORT} !^443$
     RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
    </VirtualHost>

  9. Update uptime.conf.
  10. Open the <uptime_dir>/uptime.conf file for editing and change the httpContext parameter (which begins with "httpContext=http://") to reflect the use of SSL:

    httpContext=https://<Server_Hostname>:443

  11. Restart the services.
  12. For the changes to take effect, restart the up.time Data Collector and up.time Web Server on Windows or uptime_core and uptime_httpd on Linux.

    Windows:
    Restart the up.time Data Collector" service.
    Restart the "up.time Web Server" service.

    Linux:

    service uptime_core restart
    service uptime_httpd restart

Attachments


article mod_rewrite.so (Size: 59.0 KB - Downloads: 531)

Related Articles


'up.time Data Collector is unavailable' error in web interface

RatingViews
article

If you have recently changed the hostname of your monitoring station and receive the message "Database Not Responding" in the monitoring station web interface, you must make the following...

By: uptime Support | Date Created: 10-1-2009 | Last Modified: 10-18-2013 | Index: 379

  2773

Can the up.time agent be bound to a specific interface?

RatingViews
article

There are no agent settings to enable it to be bound to a specific network interface. By default, the up.time agent is designed to listen on all interfaces on the desired agent port (default...

By: uptime Support | Date Created: 10-14-2009 | Last Modified: 8-13-2011 | Index: 427

  1260

Oracle database not responding in up.time interface

RatingViews
article

If you are seeing a Database Not Responding message in up.time GUI, with something similar to the following error: =================== Database is not responding ...

By: uptime Support | Date Created: 10-14-2009 | Last Modified: 8-13-2011 | Index: 436

  2472

Modify session timeout on the up.time User Interface

RatingViews
article

To modify the session timeout value for the up.time User Interface: 1. Open the following file: //apache/php/php.ini 2. Edit the following line: session.cache_expire = 180 (note that the value is...

By: uptime Support | Date Created: 7-7-2011 | Last Modified: 8-11-2011 | Index: 535

  1334

Is Performance Monitor Interface required to monitor WebSphere?

RatingViews
article

Yes, up.time utilizes the information provided by pmi in order to produce performance graphs so it is required to be installed on the target WebSphere server.

By: uptime Support | Date Created: 8-20-2010 | Last Modified: 8-10-2011 | Index: 492

  1904

User Comments



No comments have been posted.

Copyright © 2020 IDERA, Inc.   Legal   Privacy Statement