Reconfiguring Linux Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of HTTPS
Warning
This topic describes how to reconfigure the Linux versions of Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of the default HTTPS. It provides detailed configuration steps to make the secured communication between the components.
Note
Tip
Copy and paste the SSL commands into a text editor, strip out the line breaks, and modify the syntax for your environment.
Before you begin
- Take a snapshot of your VMs or back up your servers. This precaution is necessary if you make a mistake and need to roll back your changes!
- When importing certificates, keypairs, or keystores, use the JRE embedded with the product or the latest version of JRE/Java installed on your host.
- If you are using a Google Chrome browser and encounter the weak ephemeral Diffie-Hellman key error, see KA428034 for a helpful workaround. To review this workaround in context, see To configure AMREPO to work with SSL HTTPS.
Note
- For detailed steps on creating Root CA certificates or importing self-signed certificates, see Enabling SSL HTTPS on Windows CLM applications that currently use HTTP.
To configure Platform Manager from HTTPS to HTTP with a Self-Signed Certificate
Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate. If you are running HA, you only need to run the following commands on the primary host. SSL-level certification is not required on the secondary HA host.
- Make sure the CSM service is running on the primary Platform Manager host.
For example, enter the following command:
ps -ef | grep bmccsm Verify or update the config.ini file (by default, located at /opt/bmc/BMCCloudLifeCycleManagement/Platform_Manager/configuration) with the following parameters:
org.osgi.service.http.port=7070 jetty.port=7070 jetty.ssl.password=changeit jetty.ssl.keypassword=changeit
Make sure to save the config.ini file.
Verify or update the the configuration in the ../Platform_Manager/csm-bootstrap.properties file with the following parameters:
PersistenceNodeProtocol=http NodeProtocol=http NodePort=7070 PersistenceNodePort=7070
Make sure to save the csm-bootstrap.properties file.
- Verify or update the configuration in the ../Platform_Manager/configuration/cloudservices.json file with the following changes:
Set the secureJetty attributeValue to false and the description to Use HTTP.
{ "cloudClass" : "com.bmc.cloud.model.beans.CloudService", "accessValues" : [ { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "accessAttribute" : { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "Boolean", "description" : "Use HTTP", "guid" : "b15fc770-4119-4cd6-bea6-1efdc5ecc768", "isOptional" : false, "isPassword" : false, "length" : 255, "modifiableWithoutRestart" : false, "name" : "secureJetty" }, "attributeValue" : "false", "description" : "Use HTTP", "guid" : "2aacb37d-0b0c-48f2-b85f-e010e3705f49", "name" : "secureJetty" }
Set the attributeValue of Jetty port, CSM Local Port, and CSM Global Registry URL to 7070.
Make sure that you also set the localhost attribute value to "localhost:7070".{ "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "accessAttribute" : { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "Integer", "description" : "Jetty Port", "guid" : "f1f036cc-7050-4a08-9e00-2a38cedaeef9", "isOptional" : false, "isPassword" : false, "length" : 255, "modifiableWithoutRestart" : false, "name" : "jettyPort" }, "attributeValue" : "7070", "description" : "Jetty Port", "guid" : "e2513a26-1c6c-4fd1-9267-d3ff3d00b94a", "name" : "jettyPort" } { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "accessAttribute" : { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "Integer", "description" : "CSM Local Port", "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced", "isOptional" : false, "isPassword" : false, "length" : 255, "modifiableWithoutRestart" : false, "name" : "csm.local.port" }, "attributeValue" : "7070", "description" : "CSM Local Port", "guid" : "b86fb3c3-d5c8-46dc-8d7d-5be05a392aff", "name" : "csm.local.port" } },{ "cloudClass" : "com.bmc.cloud.model.beans.CloudService", "accessValues" : [ { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "accessAttribute" : { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "String", "description" : "CSM Global Registry URL", "guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e", "isOptional" : false, "isPassword" : false, "length" : 255, "modifiableWithoutRestart" : false, "name" : "csm.global.url" }, "attributeValue" : "localhost:7070", "description" : "CSM Global Registry URL", "guid" : "45cb9fc3-ac7e-49de-88d4-4d1042c48061", "name" : "csm.global.url" }, { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "accessAttribute" : { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "Integer", "description" : "CSM Local Port", "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced", "isOptional" : false, "isPassword" : false, "length" : 255, "modifiableWithoutRestart" : false, "name" : "csm.local.port" }, "attributeValue" : 7070, "description" : "CSM Local Port", "guid" : "80e5622d-4dbc-49de-9ca6-deef7627e7f5", "name" : "csm.local.port" } ], "cloudServiceDefinition" : "/cloudservicedefinition/4bc19dbb-22e5-4a3d-a294-c3749e2b2947", "cloudServiceDefinitionObject" : { "cloudClass" : "com.bmc.cloud.model.beans.CloudServiceDefinition", "accessAttributes" : [ { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "String", "description" : "CSM Global Registry URL", "guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e", "hasValueObject" : [ { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "attributeValue" : "localhost:7070", "guid" : "79c5b890-1b4e-4514-8e28-ddd216551b3c", "name" : "csm.global.url" } ], "isOptional" : false, "isPassword" : false, "length" : 255, "modifiableWithoutRestart" : false, "name" : "csm.global.url" }, { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute", "datatype" : "Integer", "description" : "CSM Local Port", "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced", "hasValueObject" : [ { "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue", "attributeValue" : "7070", "guid" : "de64d5ff-ff11-4e2d-b1e0-941072b4ae95", "name" : "csm.local.port"
Make sure to save the cloudservices.json file.
Set the value parameter in the ../Platform_Manager/configuration/PreferenceGroup.json file to http and 7070.
Note
If you plan to have Self-Check Monitor and Cloud Portal Web Application (installed on separate hosts) also on HTTP, make sure the protocol and port values related to these products are updated accordingly.{ "cloudClass": "com.bmc.cloud.model.beans.PreferenceGroupNameValuePair", "guid": "98d27d82-44fc-41c8-bde0-007f0fa8fc2f", "name": "clmui base URL", "value": "http://clm-aus-005121/clmui" },{
Stop the CSM service and then perform the following actions:
- Back up the cache and data folders in ../Platform_Manager.
- Back up the org.eclipse.* folders in ../Platform_Manager\configuration.
- Delete the cache, data, and org.eclipse.* folders.
Update the Platform Manager Root URL in the CMF:PluginConfiguration form on the Cloud Portal and Database AR System server to http and 7070.
Start the CSM service.
Restart the Cloud Portal and Database AR System service.
Use RESTClient to verify the Platform Manager SSL connection by using the SSL link.
To configure Cloud Portal Web Application from HTTPS to HTTP with a Self-Signed Certificate
Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate.
- Update /opt/bmc/CloudPortalWebApplication/tomcat/conf/server.xml.
Replace the Connector entry:
<Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000" keystoreFile="/opt/bmc/CloudPortalWebApplication/clmui/Certificates /clmuiSslCertificate.cert" keystorePass="changeit" maxThreads="150" port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
With the following information:
<Connector connectionTimeout="20000" port="9070" protocol="HTTP/1.1" redirectPort="9443"/>
Restart Cloud Portal Web Application service.
For example:/opt/bmc/CloudPortalWebApplication/tomcat/bin/shutdown.sh
/opt/bmc/CloudPortalWebApplication/tomcat/bin/startup.sh
To configure CLM Self-Checker from HTTPS to HTTP with a Self-Signed Certificate
Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate.
- Update /opt/bmc/selfchecker/tomcat/conf/server.xml.
Replace the Connector entry:
<Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000" keystoreFile="/opt/bmc/selfchecker/selfchecker/Certificates /selfcheckSslCertificate.cert" keystorePass="changeit" maxThreads="150" port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
With the following information:
<Connector connectionTimeout="20000" port="8090" protocol="HTTP/1.1" redirectPort="8443"/>
- Restart the Self Checker service.
For example:
/opt/bmc/selfchecker/tomcat/bin/shutdown.sh /opt/bmc/selfchecker/tomcat/bin/startup.sh
Related topic
Using CLM applications with third-party Certification Authority certificates
Comments
Log in or register to comment.