Installing a CA-signed certificate into the embedded web server
When you install TrueSight Capacity Optimization, an Apache web server is automatically installed, and a private key with a self-signed certificate is generated during installation. The web server is a part of the web application component of the Application Server.
To prevent certificate-related warnings while accessing the TrueSight Capacity Optimization from a browser, you must install a certificate that is signed by a Certification Authority (CA) into the web server. The certificate can be signed by an enterprise CA or a third-party CA.
After you install the CA-signed certificate, a trusted TLS communication is established between the browser and the web server.
Before you begin
Ensure that you have the CA-signed certificates and the private key. These files must be saved to the server directory where all the certificate and key files are available.
- Save the private key file (*.key) at the following path: $BCO_HOME/3rd_party/apache2/pki/tls/private
- Save the certificate files (*.cer or crt) at the following path: $BCO_HOME/3rd_party/apache2/pki/tls/certs
If you receive the domain-specific certificate (for example, myserver.crt) and intermediate certificate chain (for example, intermediate.crt) from a CA, concatenate the intermediate.crt to myserver.crt. For example, use the following command on a Linux system for concatenating certificates:
cat intermediate.crt >> myserver.crt
For more information about concatenating certificates, see the SSLCertificateFile directive at the website.
To install the signed certificate
- Back up the private key file and the certificate file that you obtained from the CA authority.
- Open the ssl.conf file, and check the names of certificate and private key file names. This file is available in the following directory: $BCO_HOME/3rd_party/apache2/conf
Rename the CA-signed certificate and private key with the same certificate and key file names that are defined in ssl.conf.
- Copy the renamed certificate and private key files to the following directory:
Certificate file: $BCO_HOME/3rd_party/apache2/pki/tls/certs
Private key file: $BCO_HOME/3rd_party/apache2/pki/tls/private
Log on to the host computer where the Application Server is installed.
Run the following command to restart the Apache web server.
./cpit restart httpd
The new URL to connect to TrueSight Capacity Optimization will be https://<HOSTNAME>/console.
To validate a trusted connection
To verify that a trusted connection is established with the web server, complete the following steps:
- Close all browser windows.
Open a new browser window, and type the URL to access the TrueSight Capacity Optimization console.
If the certificate is correctly applied, the secure symbol is displayed besides the https:// URL as shown in the following image:
If the browser still shows a warning about an insecure connection, verify that the trusted root certificate from the CA is available in the certificate store or the keystore of your browser.