In order to simplify and streamline applying HTTPS/SSL to DX NetOps Network Flow Analysis and Application Delivery Analysis, the DX NetOps Support team wrote the ApplyHTTPS tool. The tool features multiple options to help get DX NetOps NFA or Application Delivery Analysis secured. You can download the ApplyHTTPS.zip file from this document. Please review the options below and see the additional notes for troubleshooting.
Latest Version: ApplyHTTPS 23.3.6 (February 13, 2024)
**For NFA versions 23.3.2+ you will have to provide a friendly DNS name / FQDN when prompted. This name you provide MUST be found in the certificate's Common Name or Subject Alternative Name**
**For ADA versions 11.2+ you will have to provide a password to access the super database. The tool assumes the database user is "super".**
If you need help generating a signed certificate, please see: NFA HTTPS: How to generate and apply signed certificates
Network Flow Analysis 9.3.3 - 23.3.6
Application Delivery Analysis 11.0 to 11.2
To minimize the time it takes to manually set up SSL for IIS, Jetty SSO, Jetty RIB, OData, and SOAP Internal Services. (OData for 21.2.4+ / SOAP for 23.3.2+)
ApplyHTTPS.exe must be ran AS AN ADMINISTRATOR.
Using the tool:
1. Option 1: Apply HTTPS. This option was written to help users apply HTTPS to a server which has never seen an HTTPS setup before as well as an NFA server which has just been upgraded and had it's HTTPS settings overwritten.
What does the tool actually do after you select your option to apply HTTPS?
Above is an example of choosing a self-signed single certificate from the Windows Personal Store. I will break down what each step does into more detail.
Other options of the tool:
Option 2: Simply set NFA to use the default HTTP configurations for IIS, Jetty SSO, OData, and Jetty RIB servers.
Above is an example of choosing option 2 "HTTP Mode". I will break down what each step does into more detail.
Option 3: Import certs for LDAPS only.
This option can be used for importing new certificates into the Java CACERTS truststore. This can be used if you are updating a Certificate Authority certificate for LDAPS. This could also be helpful if you are trying to renew a Certificate Authority certificate with Java CACERTS for Jetty SSO or Jetty RIB.
This option simply sets a flag for the next time you run ApplyHTTPS option (1). This will set up RIB and OData HTTPS if it was not set up prior. This option is not needed if RIB/OData is already using HTTPS. Please make sure the root and intermediate certificates that are used for the NFA Server are imported into the Java CACERTS truststore on the NetOps Portal. You will have to make sure both the web site and data source are set for HTTPS/443 in NetOps Portal > Administration > Data Sources > Data Sources > Edit NFA.