test

N1 Grid Service Provisioning System 5.0 Installation Guide

ProcedureHow to Enable HTTPS Connections from the Master Server Browser Interface

After you have generated an SSL Certificate, and obtained a signature from a Certifying Authority if you chose to do so, you must configure the Master Server browser interface to use SSL.

Steps

  1. Stop the Master Server.


    % N1SPS5.0-MasterServer-home/server/bin/cr_server stop

    N1SPS5.0-MasterServer-home is the directory where you installed the Master Server.

  2. Move the keystore file to the Master Server home directory.


    %mv /keystore-location N1SPS5.0-MasterServer-home/server/tomcat/

    /keystore-location is the location and filename where you stored the generated key. N1SPS5.0-MasterServer-home is the directory where you installed the Master Server.

  3. Change to the directory where you moved the keystore file.


    % cd N1SPS5.0-MasterServer-home/server/tomcat/

    N1SPS5.0-MasterServer-home is the directory where you installed the Master Server.

  4. Set the ownership and permissions on the keystore file:


    %chmod 600 /keystore-location


    %chown MS_user:MS_group /keystore-location

    MS_user is the user that owns the Master Server application. MS_group is the group that owns the Master Server application. /keystore-location is the filename where you stored the generated key.

  5. Change to the directory where the Tomcat configuration files are located.


    % cd /N1SPS5.0-MasterServer-home/server/tomcat/conf

    N1SPS5.0-MasterServer-home is the directory where you installed the Master Server.

  6. In the server.xml file, uncomment the following lines. XML comments begin with <!-- and end with -->. 


    <Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"/>
</Connector>

  7. Edit the Factory element as follows.


    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS" 
	keystoreFile="N1SPS5.0-MasterServer-home/server/tomcat/keystore-file" keystorePass="password"/>

    N1SPS5.0-MasterServer-home/server/tomcat/keystore-file is the path to the keystore file. password is the password that you used to create the original keystore.