Configure Web Server Security

This task is used to configure the server to run in either HTTPS or HTTP mode, configure Apache web server parameters, and optionally configure the size of files being uploaded to the web server for the secure functioning of the web server and Oracle Communications Session Delivery Manager.

Note:

This section does not discuss the importation or deletion of Transport Layer security certificates for east-west peer OCSDM server communication, and for southbound communication with network function (NF) devices. These actions are handled in the Custom Installation when using the OCSDM setup installation program. Refer to the Configure Transport Layer Security Certificates section for more information.
  1. Select option 3, Web Server configuration. Press the Enter key to continue.
  2. Option 1 (HTTP/HTTPS configuration) is selected by default to configure the your web server parameters. Press Enter to continue.
    [X]  1 - HTTP/HTTPS configuration - Setup HTTP or HTTPS configuration [Default]
    [ ]  2 - Security configuration - Options below can be used to modify the Web server security configurations of OCSDM
    1. We highly recommend that you keep HTTPS mode (default) as the system running mode for your system to create secure web connections. If you need HTTP (unsecured) select option 2. Press Enter to continue.

      Note:

      OpenSSL 1.0.2e-fips or later must be installed on your linux server in order to use the HTTPS service on the Apache web server to support the options of running HTTPS with Transport Layer Security (TLS) 1.0, 1.1, and 1.2.
      
      [X]  1 - HTTPS mode [Default]
      [ ]  2 - HTTP mode
    2. Accept the default nncentral user as the Apache user.

      Note:

      You cannot use the value root for the Apache user.
      Apache User [nncentral]
    3. Accept the default nncentral group as the Apache group.

      Note:

      You cannot use the value root for either the Apache group name.
      Apache Group [nncentral] 
    4. Enter an Apache port number or accept the default port of 8443 (secure HTTPS).

      Note:

      Port 8080 is the port number for unsecured HTTP.
      Apache Port Number (1024-65535) [8443]
    5. Enter the DNS name of the server.
      Server name [] myserver1

      Note:

      The specified DNS server name must match the common name (CN) of the certificate.
    6. (For HTTPS configuration only) If your certificate is signed by a certificate authority, select option 2, No, when prompted about creating a self-signed certificate. Press Enter to continue. If your certificate is not signed, continue to sub-step g.
      1. Enter the absolute path to the private key file.
        Private key file []
      2. Enter the absolute path to the certificate file.
        Certificate file []
      3. If there are intermediate certificates, select option 1. Press Enter to continue. Then enter the absolute path to the certificate chain file. Otherwise, select the default option 2.
        Are there intermediate certificates?
        [ ]  1 - Yes
        [X]  2 - No   [Default]
    7. If you want to create a self signed certificate, select option 1, Yes. Press Enter to continue.
    8. Accent nncentral as the certificate alias name.
      Certificate alias name [nncentral]
    9. Specify a truststore password that provides write protection to the truststore where X.509 certificates are kept. X.509 certificates are used in many internet protocols, including TLS/SSL, which is the basis for HTTPS.
      Truststore password []
      The upper-level the security configuration is complete and the main web server menu returns. If you do not need to adjust the default maximum file size for files that are uploaded to the web server, your web server configuration is complete.
  3. (Optional) Select option 2, Security configuration to update the Apache HTTP Daemon (HTTPD) server configuration files, if you need to change the default value set by Oracle Communications Session Delivery Manager for files that can be uploaded to the web server. Press the Enter key to continue.
    [ ]  1 - HTTP/HTTPS configuration - Setup HTTP or HTTPS configuration [Default]
    [X]  2 - Security configuration - Options below can be used to modify the Web server security configurations of OCSDM
    1. Select option 1, Modify web server file directive size limit [Default].
      [X]  1 – Modify web server file directive size limit [Default]
      [ ]  2 - Enable TLS versions 1.1 and 1.2 (HTTPS)
      [ ]  3 – Cancel out and do not apply changes
    2. Press Enter to continue.
      [X]  1 – Modify web server file directive size limit [Default]
      [ ]  2 - Enable TLS versions 1.1 and 1.2 (HTTPS)
      [ ]  3 – Cancel out and do not apply changes
    3. You are next prompted to enter the upload file size limit in gigabytes (GB). The default size limit is 2 gigabytes.
      Web server File Size Limit in GB (2-100) [2]
      If the entered value exceeds the file-size limit, an error message displays and prompts you to re-enter the value.
  4. (Optional) By default, Transport Layer Security (TLS) 1.0 is used for HTTPS. Select option 2, Security configuration if you want to enable TLS versions 1.1 and 1.2 to be used for HTTPS instead.
    [ ]  1 - HTTP/HTTPS configuration - Setup HTTP or HTTPS configuration [Default]
    [X]  2 - Security configuration - Options below can be used to modify the Web server security configurations of OCSDM
    1. Select option 2, Enable TLS versions 1.1 and 1.2 (HTTPS).
      [ ]  1 – Modify web server file directive size limit [Default]
      [X]  2 - Enable TLS versions 1.1 and 1.2 (HTTPS)
      [ ]  3 – Cancel out and do not apply changes
    2. Press Enter to continue.
      [ ]  1 – Modify web server file directive size limit [Default]
      [X]  2 - Enable TLS versions 1.1 and 1.2 (HTTPS)
      [ ]  3 – Cancel out and do not apply changes