Smarts NCM: How to add or remove ciphers in server.xml and verify the same in web browser

Article ID: 331144

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution


Below are the steps to add or remove ciphers in NCM:
  1. Log into the Application Server via CLI.
  2. Set the home variable by doing the following:
    source /etc/voyence.conf
  3. Navigate to $VOYENCE_HOME/ncmcore/conf
  4. You will find the server.xml file here.
  5. Create a backup of the server.xml file before making any changes so you can restore the file at any time.
  6. Open server.xml in the vi editor: vi server.xml
  7. Enter vi insert mode by pressing "i".
  8. Navigate to the tag below in the server.xml file:
    <!--  <Connector port="8880" maxHttpHeaderSize="8192" maxThreads="100" minSpareThreads="5" maxSpareThreads="75"
                enableLookups="false" disableUploadTimeout="true"
                acceptCount="100" scheme="https" secure="true" protocol="org.apache.coyote.http11.Http11NioProtocol"
                keystoreFile="/opt/smarts-ncm/conf/voyence-ssl.keystore"
                clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" keystorePass="change management"
                ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5"/> -->
  9. Uncomment the Connector tag by removing the opening "<!--" and closing "-->" markers. (Note: You will find two <Connector port="8880"> tags in server.xml. One is uncommented by default, below the line <Executor maxThreads="300" minSpareThreads="50" name="tomcatThreadPool" namePrefix="tomcat-http--"/>. You will have to uncomment the tag above this tag.)
  10. Add or remove ciphers in the ciphers="" option above. (Refer to the EMC Smarts Network Configuration Manager Security Configuration Guide for the list of supported ciphers for the customer's NCM version.)
  11. To save the changes, press the ESC key and type :wq
  12. Restart the vcmaster service to apply the changes:
    service vcmaster restart

To verify the cipher used by the browser after the changes are made:

1. Open the Mozilla Firefox browser.
2. Navigate to the URL https://<AS IP>:8880
3. The browser displays an insecure connection error.
4. Click Advanced.
5. Click Add Exception.
6. You will see the Apache Tomcat homepage.
7. Right-click on an empty space and select "View Page Info".
8. Go to the Security tab.
9. Under the "Technical Details" section you will find the cipher that is used by the browser after the changes were applied in the server.xml file.
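
The browser check shows only the one cipher that was negotiated. To review everything the edited file actually enables, the added example below (not part of the original article or of the product) parses server.xml and lists the ciphers and protocols on each active TLS Connector. The function names, the weak-cipher markers and the sample XML are assumptions of this example; the authoritative supported list is the one in the Security Configuration Guide.

```python
import xml.etree.ElementTree as ET

# Assumed markers for obsolete or broken suites (RC4 is prohibited by RFC 7465).
WEAK_CIPHER_MARKERS = ("RC4", "MD5", "_DES_", "3DES", "NULL", "EXPORT", "anon")
# SSLv3 and TLS 1.0/1.1 are deprecated (RFC 7568, RFC 8996).
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def split_attr(value):
    """Split a comma-separated attribute, tolerating spaces after commas."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connectors(xml_text):
    """Return one finding dict per active (uncommented) TLS Connector."""
    findings = []
    # ElementTree discards XML comments, so a Connector that is still
    # commented out in server.xml is correctly ignored.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        ciphers = split_attr(conn.get("ciphers"))
        protocols = split_attr(conn.get("sslEnabledProtocols"))
        findings.append({
            "port": conn.get("port"),
            "ciphers": ciphers,
            "weak_ciphers": [c for c in ciphers
                             if any(m in c for m in WEAK_CIPHER_MARKERS)],
            "old_protocols": [p for p in protocols if p in OLD_PROTOCOLS],
        })
    return findings


# Constructed sample: a cut-down server.xml using the attribute values shown
# in step 8, plus a commented-out Connector and a plain HTTP Connector.
SAMPLE = """<Server>
  <Service name="Catalina">
    <!-- <Connector port="8880" SSLEnabled="true" ciphers="SSL_RSA_WITH_RC4_128_MD5"/> -->
    <Connector port="8880" scheme="https" secure="true" SSLEnabled="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```

To check a real installation, pass the contents of $VOYENCE_HOME/ncmcore/conf/server.xml to audit_connectors() before restarting vcmaster.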


Additional Information

Please refer to the EMC Smarts Network Configuration Manager Security Configuration Guide for the list of supported ciphers for the customer's NCM version.