Reconfiguring Linux Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of HTTPS
This topic describes how to reconfigure the Linux versions of Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of the default HTTPS. It provides detailed configuration steps to make the secured communication between the components.
Before you begin
- Take a snapshot of your VMs or back up your servers. This precaution is necessary if you make a mistake and need to roll back your changes!
- When importing certificates, keypairs, or keystores, use the JRE embedded with the product or the latest version of JRE/Java installed on your host.
- If you are using a Google Chrome browser and encounter the weak ephemeral Diffie-Hellman key error, see KA428034 for a helpful workaround. To review this workaround in context, see To configure AMREPO to work with SSL HTTPS.
- For detailed steps on creating Root CA certificates or importing self-signed certificates, see Enabling SSL HTTPS on Windows CLM applications that currently use HTTP.
To configure Platform Manager from HTTPS to HTTP with a Self-Signed Certificate
Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate. If you are running HA, you only need to run the following commands on the primary host. SSL-level certification is not required on the secondary HA host.
- Make sure the CSM service is running on the primary Platform Manager host.
For example, enter the following command:
ps -ef | grep bmccsm Verify or update the config.ini file (by default, located at /opt/bmc/BMCCloudLifeCycleManagement/Platform_Manager/configuration) with the following parameters:
org.osgi.service.http.port=7070
jetty.port=7070
jetty.ssl.password=changeit
jetty.ssl.keypassword=changeitMake sure to save the config.ini file.
Verify or update the the configuration in the ../Platform_Manager/csm-bootstrap.properties file with the following parameters:
PersistenceNodeProtocol=http
NodeProtocol=http
NodePort=7070
PersistenceNodePort=7070Make sure to save the csm-bootstrap.properties file.
- Verify or update the configuration in the ../Platform_Manager/configuration/cloudservices.json file with the following changes:
Set the secureJetty attributeValue to false and the description to Use HTTP.
{
"cloudClass" : "com.bmc.cloud.model.beans.CloudService",
"accessValues" : [ {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"accessAttribute" : {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "Boolean",
"description" : "Use HTTP",
"guid" : "b15fc770-4119-4cd6-bea6-1efdc5ecc768",
"isOptional" : false,
"isPassword" : false,
"length" : 255,
"modifiableWithoutRestart" : false,
"name" : "secureJetty"
},
"attributeValue" : "false",
"description" : "Use HTTP",
"guid" : "2aacb37d-0b0c-48f2-b85f-e010e3705f49",
"name" : "secureJetty"
}Set the attributeValue of Jetty port, CSM Local Port, and CSM Global Registry URL to 7070.
Make sure that you also set the localhost attribute value to "localhost:7070".{
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"accessAttribute" : {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "Integer",
"description" : "Jetty Port",
"guid" : "f1f036cc-7050-4a08-9e00-2a38cedaeef9",
"isOptional" : false,
"isPassword" : false,
"length" : 255,
"modifiableWithoutRestart" : false,
"name" : "jettyPort"
},
"attributeValue" : "7070",
"description" : "Jetty Port",
"guid" : "e2513a26-1c6c-4fd1-9267-d3ff3d00b94a",
"name" : "jettyPort"
}
{
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"accessAttribute" : {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "Integer",
"description" : "CSM Local Port",
"guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
"isOptional" : false,
"isPassword" : false,
"length" : 255,
"modifiableWithoutRestart" : false,
"name" : "csm.local.port"
},
"attributeValue" : "7070",
"description" : "CSM Local Port",
"guid" : "b86fb3c3-d5c8-46dc-8d7d-5be05a392aff",
"name" : "csm.local.port"
}
},{
"cloudClass" : "com.bmc.cloud.model.beans.CloudService",
"accessValues" : [ {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"accessAttribute" : {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "String",
"description" : "CSM Global Registry URL",
"guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e",
"isOptional" : false,
"isPassword" : false,
"length" : 255,
"modifiableWithoutRestart" : false,
"name" : "csm.global.url"
},
"attributeValue" : "localhost:7070",
"description" : "CSM Global Registry URL",
"guid" : "45cb9fc3-ac7e-49de-88d4-4d1042c48061",
"name" : "csm.global.url"
}, {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"accessAttribute" : {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "Integer",
"description" : "CSM Local Port",
"guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
"isOptional" : false,
"isPassword" : false,
"length" : 255,
"modifiableWithoutRestart" : false,
"name" : "csm.local.port"
},
"attributeValue" : 7070,
"description" : "CSM Local Port",
"guid" : "80e5622d-4dbc-49de-9ca6-deef7627e7f5",
"name" : "csm.local.port"
} ],
"cloudServiceDefinition" :
"/cloudservicedefinition/4bc19dbb-22e5-4a3d-a294-c3749e2b2947",
"cloudServiceDefinitionObject" : {
"cloudClass" : "com.bmc.cloud.model.beans.CloudServiceDefinition",
"accessAttributes" : [ {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "String",
"description" : "CSM Global Registry URL",
"guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e",
"hasValueObject" : [ {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"attributeValue" : "localhost:7070",
"guid" : "79c5b890-1b4e-4514-8e28-ddd216551b3c",
"name" : "csm.global.url"
} ],
"isOptional" : false,
"isPassword" : false,
"length" : 255,
"modifiableWithoutRestart" : false,
"name" : "csm.global.url"
}, {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
"datatype" : "Integer",
"description" : "CSM Local Port",
"guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
"hasValueObject" : [ {
"cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
"attributeValue" : "7070",
"guid" : "de64d5ff-ff11-4e2d-b1e0-941072b4ae95",
"name" : "csm.local.port"Make sure to save the cloudservices.json file.
Set the value parameter in the ../Platform_Manager/configuration/PreferenceGroup.json file to http and 7070.
{
"cloudClass": "com.bmc.cloud.model.beans.PreferenceGroupNameValuePair",
"guid": "98d27d82-44fc-41c8-bde0-007f0fa8fc2f",
"name": "clmui base URL",
"value": "http://clm-aus-005121/clmui"
},{- Stop the CSM service and then perform the following actions:
- Back up the cache and data folders in ../Platform_Manager.
- Back up the org.eclipse.* folders in ../Platform_Manager\configuration.
- Delete the cache, data, and org.eclipse.* folders.
- Update the Platform Manager Root URL in the CMF:PluginConfiguration form on the Cloud Portal and Database AR System server to http and 7070.
- Start the CSM service.
- Restart the Cloud Portal and Database AR System service.
- Use RESTClient to verify the Platform Manager SSL connection by using the SSL link.
To configure Cloud Portal Web Application from HTTPS to HTTP with a Self-Signed Certificate
Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate.
- Update /opt/bmc/CloudPortalWebApplication/tomcat/conf/server.xml.
Replace the Connector entry:
<Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000"
keystoreFile="/opt/bmc/CloudPortalWebApplication/clmui/Certificates
/clmuiSslCertificate.cert"
keystorePass="changeit" maxThreads="150" port="8443" scheme="https"
secure="true" sslProtocol="TLS"/>With the following information:
<Connector connectionTimeout="20000" port="9070"
protocol="HTTP/1.1"
redirectPort="9443"/>
Restart Cloud Portal Web Application service.
For example:/opt/bmc/CloudPortalWebApplication/tomcat/bin/shutdown.sh
/opt/bmc/CloudPortalWebApplication/tomcat/bin/startup.sh
To configure CLM Self-Checker from HTTPS to HTTP with a Self-Signed Certificate
Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate.
- Update /opt/bmc/selfchecker/tomcat/conf/server.xml.
Replace the Connector entry:
<Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000"
keystoreFile="/opt/bmc/selfchecker/selfchecker/Certificates
/selfcheckSslCertificate.cert"
keystorePass="changeit" maxThreads="150" port="8443" scheme="https"
secure="true" sslProtocol="TLS"/>With the following information:
<Connector connectionTimeout="20000" port="8090" protocol="HTTP/1.1"
redirectPort="8443"/>
Restart the Self Checker service.
For example:
/opt/bmc/selfchecker/tomcat/bin/shutdown.sh
/opt/bmc/selfchecker/tomcat/bin/startup.sh
Related topic
Using-CLM-applications-with-third-party-Certification-Authority-certificates