The DX NetOps Enable HTTPS for NetOps Portal documentation topic goes over SSL configurations.
We upgraded a Portal server that already had SSL configured with CA-signed certificates. When running the SslConfig health check, it reports issues with the SSL configurations of the Event Manager and Device Manager services.
How do we fix this, enabling SSL for those services, without disturbing the existing SSL configuration and certificates?
How do I configure HTTPS on Event Manager and Device Manager?
The SslConfig health check shows these messages in some sections of the output.
In the "============= Validating DX NetOps Portal Console Settings =============" section:
Validating configuration file
Critical: The entry dm.url is incorrect in file /opt/CA/PerformanceCenter/PC/webapps/pc/WEB-INF/cfg/portal.console.properties
Ensure that the properties pc.protocol, pc.port, dm.url, and em.url in the portal.console.properties file are correct
In the "============= Validating Event Manager Settings =============" section:
Validating configuration file
Critical: The entry dm.url is incorrect in file /opt/CA/PerformanceCenter/EM/webapps/EventManager/WEB-INF/em.properties
Ensure that the properties em.web.port, dm.url, and em.url in the em.properties file are correct
Validating data_sources2 table
Critical: The data source port and protocol in the mysql database do not match the configured values.
Ensure that the EventManager datasource is registered properly in the DX NetOps Portal Console UI
In the "============= Validating Device Manager Settings =============" section:
Validating Local Settings (DM Protocol)
Critical: The value for the URL protocol for Device Manager is not set to https
Run SsoConfig and set the Local Override for the Web Service Scheme to https
Validating Local Settings (DM Port)
Critical: The value for the port for Device Manager is not set
Run SsoConfig and set the Local Override for the Web Service Port to your desired port (For example: 8482)
Validating Remote Settings (Console Protocol)
Warning: The value for the URL protocol for Device Manager is not set to https
Run SsoConfig and set the Remote Value for the Web Service Scheme to https
Validating Remote Settings (DM Port)
Warning: The value for the port for Device Manager is not set
Run SsoConfig and set the Remote Value for the Web Service Port to your desired port (For example: 8482)
Validating Local and Remote Settings (DM Port)
Warning: Local and remote Ports do not match
Typically the Local Override and Remote Value are the same. Run SsoConfig and set the values for the Web Service Port to your desired port (For example: 8482)
Validating ssl.ini Settings
Critical: The entry jetty.ssl.port is incorrect in file /opt/CA/PerformanceCenter/DM/start.d/ssl.ini
Critical: The entry jetty.httpConfig.securePort is incorrect in file /opt/CA/PerformanceCenter/DM/start.d/ssl.ini
Critical: The entry jetty.https.port is incorrect in file /opt/CA/PerformanceCenter/DM/start.d/ssl.ini
Edit the DM/start.d/ssl.ini file. Ensure the entry for --module=ssl, the port entries match your Device Manager Port, the passwords match the password used to import the certificate, and the key and trust store paths point to your keystore
Validating configuration file
Critical: The entry dm.port is incorrect in file /opt/CA/PerformanceCenter/DM/webapps/dm/WEB-INF/dm.properties
Ensure that the properties dm.protocol, dm.port, and pc.url in the dm.properties file are correct
Validating data_sources2 table
Critical: The data source port and protocol in the mysql database do not match the configured values.
Verify the port and protocol settings in the data_sources2 table
In the "============= Health Check Results =============" section we see:
All tests of the Single Sign On module succeeded.
DX NetOps Portal Console validation failure count: 1
Event Manager validation failure count: 2
Device Manager validation failure count: 8
DX NetOps Portal installations with HTTPS enabled that are upgraded from 22.2.7 and earlier releases to 22.2.8 and newer releases
In 22.2.7 and earlier releases only Portal SSL was supported.
In 22.2.8 new features were added to enable SSL for Event Manager and Device Manager services. It's done automatically when running the SslConfig script to configure SSL.
If SslConfig was used in 22.2.7 and earlier releases, or SSL was configured manually, it will leave the Event Manager and Device Manager services in HTTP configurations.
To resolve this run the SslConfig script. Choose to configure SSL.
It will recognize that Portal is already properly configured with an existing SSL certificate. The DM and EM processes will use that same certificate already in place.
Confirm the ports for each service. The default recommendations per the documentation are:
Processes will restart after the configuration is saved.
Run a new SSL Health Check afterwards with SslConfig. Confirm everything shows as passing.
The SslConfig run assumes the default name for the jetty keystore file of "keystore" in the installation path. If the keystore file has a different name, such as "keystore.ks", the ssl.ini files in each of the folders will require updates to reflect the correct keystore file name. If updating those files, ensure the services are restarted.
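The keystore-name mismatch described above can be checked before restarting services. The script below is an added example, not part of SslConfig or the product. It assumes the store paths use the stock Jetty property names jetty.sslContext.keyStorePath and jetty.sslContext.trustStorePath, and that relative paths resolve against the service directory (for example /opt/CA/PerformanceCenter/DM). The helper names and the sample layout are constructed for illustration.

```shell
#!/bin/sh
# ini_get FILE KEY: value of the last uncommented KEY=VALUE line, trimmed.
ini_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { p = index($0, "="); if (p == 0) next
          key = substr($0, 1, p - 1); gsub(/[ \t]/, "", key)
          if (key == k) { val = substr($0, p + 1)
                          gsub(/^[ \t]+|[ \t\r]+$/, "", val) } }
        END { print val }' "$1"
}

# check_ssl_ini SERVICE_DIR PORT: prints findings, returns the failure count.
check_ssl_ini() {
    dir=$1 port=$2 ini=$1/start.d/ssl.ini fails=0
    [ -r "$ini" ] || { echo "FAIL cannot read $ini"; return 1; }
    grep -q '^[[:space:]]*--module=ssl' "$ini" ||
        { echo "FAIL --module=ssl missing in $ini"; fails=$((fails + 1)); }
    # The three port entries the health check reports on must all agree.
    for key in jetty.ssl.port jetty.httpConfig.securePort jetty.https.port; do
        val=$(ini_get "$ini" "$key")
        [ "$val" = "$port" ] ||
            { echo "FAIL $key='$val', expected $port"; fails=$((fails + 1)); }
    done
    # Assumed Jetty property names; each must point at a file that exists.
    for key in jetty.sslContext.keyStorePath jetty.sslContext.trustStorePath; do
        path=$(ini_get "$ini" "$key")
        case $path in /*) ;; *) path=$dir/$path ;; esac
        [ -f "$path" ] ||
            { echo "FAIL $key -> $path does not exist"; fails=$((fails + 1)); }
    done
    [ "$fails" -eq 0 ] && echo "OK $ini"
    return "$fails"
}

# Constructed sample: ssl.ini names "keystore" but the file is keystore.ks.
make_sample() {
    mkdir -p "$1/start.d" && : > "$1/keystore.ks"
    printf '%s\n' '--module=ssl' 'jetty.ssl.port=8482' \
        'jetty.httpConfig.securePort=8482' 'jetty.https.port=8482' \
        'jetty.sslContext.keyStorePath=keystore' \
        'jetty.sslContext.trustStorePath=keystore' > "$1/start.d/ssl.ini"
}

demo=$(mktemp -d); make_sample "$demo"
check_ssl_ini "$demo" 8482 || echo "failures: $?"
rm -rf "$demo"
```

The script does not validate the keystore passwords; the SslConfig health check remains the authoritative test after any edit.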