Configuring HTTPS After Installation

The N1 Service Provisioning System installation program prompts you to choose to select HTTPS or HTTP for the browser interface to use to connect to the web interface of the Master Server. If you selected HTTPS during the installation, but you did not supply a keystore file and a keystore password during the installation you must manually copy the keystore file to the provisioning system keystore directory. You must also create an encoded keystore password and configure the password in the server.xml file.

How to Copy the Keystore File

Complete the following steps to copy the keystore file to the N1SPS5.1-MasterServer-home/server/tomcat/keystore file.

Before You Begin

Generate an SSL Certificate, and obtain a signature from a Certifying Authority if necessary. For instructions, see Creating a Keystore File and Keystore Password for HTTPS Connections.

Steps

1. Move the keystore file to the Master Server home directory.

   %mv /keystore-location N1SPS5.1-MasterServer-home/server/tomcat/keystore

   /keystore-location is the location and filename where you stored the generated key. N1SPS5.1-MasterServer-home is the directory where you installed the Master Server.

2. Change to the directory where you moved the keystore file.

   % cd N1SPS5.1-MasterServer-home/server/tomcat/

   N1SPS5.1-MasterServer-home is the directory where you installed the Master Server.

3. Set the ownership and permissions on the keystore file:

   %chmod 600 keystore

   %chown MS_user:MS_group keystore

   MS_user is the user that owns the Master Server application. MS_group is the group that owns the Master Server application.

How to Create and Configure an Encoded Keystore Password

When you generate an SSL certificate, you create a keystore file and you supply a keystore password. The provisioning system must store the keystore password in the server.xml file. For added security, the provisioning system requires an encoded version of the password to store in the server.xml file.

Steps

1. Change to the directory on the Master Server that contains the crkeys command.

   %cd N1SPS5.1-MasterServer-home/server/bin

   N1SPS5.1-MasterServer-home is the directory where you installed the Master Server.

2. Create an encoded version of the password that you created when you created the keystore file.

   % crkeys -epass -password password

   password is the password that you created while generating the SSL certificate.

   The crkeys tool prints the encoded password on the screen. Make note of the encoded password.

3. Change to the directory where the Tomcat configuration files are located.

   % cd /N1SPS5.1-MasterServer-home/server/tomcat/conf

   N1SPS5.1-MasterServer-home is the directory where you installed the Master Server.

4. Edit the Factory element to include the encoded password.

   <Factory className="com.raplix.rolloutexpress.ui.web.EncodedPasswordSSLFactory" clientAuth="false" protocol="TLS" keystoreFile="/opt/SUNWn1sps/N1_Service_Provisioning_System_5.1/server/tomcat/keystore" keystorePass="ADD_ENCODED_PASSWORD_HERE"/>

   Change ADD_ENCODED_PASSWORD_HERE to the encoded version of the password.