Configure NetOps Portal Single Sign-On to Use HTTPS

Configure
NetOps Portal
Single Sign-On (SSO) to use HTTP-Secure (HTTPS).
Use the following process to configure
NetOps Portal
SSO to use HTTPS:

Edit the
NetOps Portal
SSO Startup Files

Edit the
NetOps Portal
SSO startup files to support HTTPS for
NetOps Portal
for SSO.
Follow these steps:
  1. Change to the following directory by issuing the following command:
    cd
    <installation_directory>
    /sso
    • installation_directory
      The installation directory for
      NetOps Portal
      .
      Default:
      /opt/CA/PerformanceCenter
  2. Complete the following based on your version:
    • (22.2.7 and higher) Open the
      start.d/http.ini
      file, apply the following changes, and then save your changes:
      • Find the following lines and update them, as follows:
        Original Text
        # To enable ssl, modify this line to use module https # Module: http --module=http
        New Text
        # To enable ssl, modify this line to use module https # Module: https --module=https
    • (22.2.6 and lower) Open the
      start.ini
      file, apply the following changes, and then save your changes:
      • Find the following lines and update them, as follows:
        Original Text
        # To enable ssl, modify this line to use module https # Module: http --module=http
        New Text
        # To enable ssl, modify this line to use module https # Module: https --module=https
      • Find the following lines, uncomment them, as follows:
        Original Text
        # To enable ssl, uncomment this line module # Module: ssl #--module=ssl #etc/ssl-lucky13.xml
        New Text
        # To Enable ssl, uncomment this line module # Module: ssl --module=ssl etc/ssl-lucky13.xml
  3. Open the
    sso/start.d/ssl.ini
    file, , and based on your version, uncomment the following configuration lines, specify the port, keystore, and password information from the SSL certificate-setup process, and then save your changes:
    • (22.2.7 and higher)
      # To Enable ssl, uncomment this line module # Module: ssl #--module=ssl #etc/ssl-lucky13.xml # SSL # define the port to use for secure redirection #jetty.ssl.port=
      <port>
      #jetty.https.port=
      <port>
      #jetty.httpConfig.securePort=
      <port>
      # Set up a keystore and truststore #jetty.sslContext.keyStoreType=JKS #jetty.sslContext.keyStorePath=etc/
      <keystore>
      #jetty.sslContext.trustStorePath=etc/
      <keystore>
      # Set up passwords #jetty.sslContext.keyStorePassword=
      <password>
      #jetty.sslContext.keyManagerPassword=
      <password>
      #jetty.sslContext.trustStorePassword=
      <password>
      Example:
      # To Enable ssl, uncomment this line module # Module: ssl --module=ssl etc/ssl-lucky13.xml # SSL # define the port to use for secure redirection jetty.ssl.port=8182 jetty.https.port=8182 jetty.httpConfig.securePort=8182 # Set up a keystore and truststore jetty.sslContext.keyStoreType=JKS jetty.sslContext.keyStorePath=etc/keystore jetty.sslContext.trustStorePath=etc/keystore # Set up passwords jetty.sslContext.keyStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.keyManagerPassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.trustStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83
    • (22.2.6 and lower)
      # SSL # define the port to use for secure redirection #jetty.ssl.port=
      <port>
      #jetty.https.port=
      <port>
      #jetty.httpConfig.securePort=
      <port>
      # Set up a keystore and truststore #jetty.sslContext.keyStoreType=JKS #jetty.sslContext.keyStorePath=etc/
      <keystore>
      #jetty.sslContext.trustStorePath=etc/
      <keystore>
      # Set up passwords #jetty.sslContext.keyStorePassword=
      <password>
      #jetty.sslContext.keyManagerPassword=
      <password>
      #jetty.sslContext.trustStorePassword=
      <password>
      Example:
      # SSL # define the port to use for secure redirection jetty.ssl.port=8182 jetty.https.port=8182 jetty.httpConfig.securePort=8182 # Set up a keystore and truststore jetty.sslContext.keyStoreType=JKS jetty.sslContext.keyStorePath=etc/keystore jetty.sslContext.trustStorePath=etc/keystore # Set up passwords jetty.sslContext.keyStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.keyManagerPassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83 jetty.sslContext.trustStorePassword=1y7v1ugg1zsp1yf41w9f1wu81vnw1rpg1tv31z0f1tvz1rp61vn61wu61w8b1yf21zt11uha1y83
    • port
      The port for secured communication between
      NetOps Portal
      and the SSO Service. Enter
      8382
      .
      For more information about the ports to use for secured communication, see Review Installation Requirements and Considerations.
      Default:
      PC_SSL_PORT
    • keystore
      The name of the keystore file that is used to store the certificate.
      Example:
      keystore
      The keystore file must be in the
      <installation_directory>
      /jetty/etc
      directory.
      • installation_directory
        The default installation directory for
        NetOps Portal
        .
        Default:
        /opt/CA/PerformanceCenter
      Example:
      keystore
    • password
      The password for the keystore that is selected when creating the certificate.
      By default, the password values for the
      jetty.sslContext.keyStorePassword
      ,
      jetty.sslContext.keyManagerPassword
      , and
      jetty.sslContext.trustStorePassword
      parameters are stored in plain text. However, you can obfuscate them.
      For more information, see Obfuscate Jetty Passwords.
  4. (Optional) To disable all protocols except TLSv1.2, open the
    <installation_directory>
    /jetty/etc/jetty-ssl-context.xml
    file, add the following code to the end of the file before
    </Configure>
    , and then save your changes:
    <Set name="IncludeProtocols"> <Array type="java.lang.String"> <Item>TLSv1.2</Item> </Array> </Set>
    • installation_directory
      The default installation directory for
      NetOps Portal
      .
      Default:
      /opt/CA/PerformanceCenter

Restart the Services

Apply the
NetOps Portal
and SSO configuration (the settings) by stopping and restarting
NetOps Portal
.
NetOps Portal
SSO is configured to use HTTPS.