Configure NetOps Portal Single Sign-On to Use HTTPS
Configure
NetOps Portal
Single Sign-On (SSO) to use HTTP-Secure (HTTPS).Use the following process to configure
NetOps Portal
SSO to use HTTPS:Edit the NetOps Portal SSO Startup Files
NetOps Portal
SSO Startup FilesEdit the
NetOps Portal
SSO startup files to support HTTPS for NetOps Portal
for SSO.Follow these steps:
- Change to the following directory by issuing the following command:cd<installation_directory>/sso
- installation_directoryThe installation directory forNetOps Portal.Default:/opt/CA/PerformanceCenter
- Complete the following based on your version:
- (22.2.7 and higher) Open thestart.d/http.inifile, apply the following changes, and then save your changes:
- Find the following lines and update them, as follows:Original Text# To enable ssl, modify this line to use module https # Module: http --module=httpNew Text# To enable ssl, modify this line to use module https # Module: https --module=https
- (22.2.6 and lower) Open thestart.inifile, apply the following changes, and then save your changes:
- Find the following lines and update them, as follows:Original Text# To enable ssl, modify this line to use module https # Module: http --module=httpNew Text# To enable ssl, modify this line to use module https # Module: https --module=https
- Find the following lines, uncomment them, as follows:Original Text# To enable ssl, uncomment this line module # Module: ssl #--module=ssl #etc/ssl-lucky13.xmlNew Text# To Enable ssl, uncomment this line module # Module: ssl --module=ssl etc/ssl-lucky13.xml
- Open thesso/start.d/ssl.inifile, , and based on your version, uncomment the following configuration lines, specify the port, keystore, and password information from the SSL certificate-setup process, and then save your changes:
- (22.2.7 and higher)# To Enable ssl, uncomment this line module # Module: ssl #--module=ssl #etc/ssl-lucky13.xml # SSL # define the port to use for secure redirection #jetty.ssl.port=<port>#jetty.https.port=<port>#jetty.httpConfig.securePort=<port># Set up a keystore and truststore #jetty.sslContext.keyStoreType=JKS #jetty.sslContext.keyStorePath=etc/<keystore>#jetty.sslContext.trustStorePath=etc/<keystore># Set up passwords #jetty.sslContext.keyStorePassword=<password>#jetty.sslContext.keyManagerPassword=<password>#jetty.sslContext.trustStorePassword=<password>Example:# To Enable ssl, uncomment this line module # Module: ssl --module=ssl etc/ssl-lucky13.xml # SSL # define the port to use for secure redirection jetty.ssl.port=8182 jetty.https.port=8182 jetty.httpConfig.securePort=8182 # Set up a keystore and truststore jetty.sslContext.keyStoreType=JKS jetty.sslContext.keyStorePath=etc/keystore jetty.sslContext.trustStorePath=etc/keystore # Set up passwords jetty.sslContext.keyStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.keyManagerPassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.trustStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83
- (22.2.6 and lower)# SSL # define the port to use for secure redirection #jetty.ssl.port=<port>#jetty.https.port=<port>#jetty.httpConfig.securePort=<port># Set up a keystore and truststore #jetty.sslContext.keyStoreType=JKS #jetty.sslContext.keyStorePath=etc/<keystore>#jetty.sslContext.trustStorePath=etc/<keystore># Set up passwords #jetty.sslContext.keyStorePassword=<password>#jetty.sslContext.keyManagerPassword=<password>#jetty.sslContext.trustStorePassword=<password>Example:# SSL # define the port to use for secure redirection jetty.ssl.port=8182 jetty.https.port=8182 jetty.httpConfig.securePort=8182 # Set up a keystore and truststore jetty.sslContext.keyStoreType=JKS jetty.sslContext.keyStorePath=etc/keystore jetty.sslContext.trustStorePath=etc/keystore # Set up passwords jetty.sslContext.keyStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.keyManagerPassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.trustStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83
- portThe port for secured communication betweenNetOps Portaland the SSO Service. Enter8382.For more information about the ports to use for secured communication, see Review Installation Requirements and Considerations.Default:PC_SSL_PORT
- keystoreThe name of the keystore file that is used to store the certificate.Example:keystoreThe keystore file must be in thedirectory.<installation_directory>/jetty/etc
- installation_directoryThe default installation directory forNetOps Portal.Default:/opt/CA/PerformanceCenter
Example:keystore - passwordThe password for the keystore that is selected when creating the certificate.By default, the password values for thejetty.sslContext.keyStorePassword,jetty.sslContext.keyManagerPassword, andjetty.sslContext.trustStorePasswordparameters are stored in plain text. However, you can obfuscate them.For more information, see Obfuscate Jetty Passwords.
- (Optional) To disable all protocols except TLSv1.2, open thefile, add the following code to the end of the file before<installation_directory>/jetty/etc/jetty-ssl-context.xml</Configure>, and then save your changes:<Set name="IncludeProtocols"> <Array type="java.lang.String"> <Item>TLSv1.2</Item> </Array> </Set>
- installation_directoryThe default installation directory forNetOps Portal.Default:/opt/CA/PerformanceCenter
Restart the Services
Apply the
NetOps Portal
and SSO configuration (the settings) by stopping and restarting NetOps Portal
.NetOps Portal
SSO is configured to use HTTPS.