How do these files- openssl.exe, keygen.cmd, keycheck.cmd - work together to bring the HTTPS protocol to Reporter?
Do we use the opensll.exe when we are providing HTTPS services to the Reporter webserver?
What will happen to the Reporter HTTP service, if I change the "SSL" files in the \utilities\ssl folder?
How do I configure SSL on my Reporter server?
Information on OPENSSL files reporter uses.
While it is true that Reporter uses OpenSSL for its HTTPS feature, the contents of the ....\utlities\ssl folder have a very limited purpose. All of the files placed there by Reporter Installation Program ( RPM for Linux, and MSI for Windows) are simply used for creating self-signed certificates, and pre-validating any custom certificates the customer wishes to import. Other than holding any of these created or imported certificates, files in this directory have nothing to do with the actual handling of SSL connections within Reporter.
The Blue Coat server process is solely responsible for connection, authentication, encryption, and management, which It does by the internaly linked, openssl library. This library does not use any external openssl.exe utility, including the one here in the /utilities/ssl folder , or any other file held here such as the openssl.cnf file.
NOTE: Making changes to the config file will have no affect on HTTPS connections within Reporter.
Because Reporter uses the openssl.exe utility for default certificate creation and external certificate validation, Windows Reporter installations must provide the utility and its configuration file found in the ssl folder, along with other command scripts.
The Linux Reporter installation does not provide an openssl utility because the OpenSSL distribution is readily available from the opensource community or your Linux provider. Thus, the ssl folder is installed with only the necessary shell scripts, similar to the command scripts in Windows installations.
The HTTPS configuration that Blue Coat offers to users, regardless of the platform they run Reporter on, is limited to turning the feature on and off, and choosing to use a default or custom certificate.
NOTE: Other than turning on HTTPS ( SSL) communications through the User interface ( UI) of Reporter, Bluecoat recomends making no changes to any configuration file it might find in the Bluecoat Reporter folders.
To turn on HTTPS, follow these steps:
NOTE1: From now on all your communciations to Reporter will need to start with HTTPS in the URI window.
NOTE2: For information on how to set this up on version 8.x, see 000012021