Reconfiguring Linux Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of HTTPS

Warning

Most BMC customers should not need to use these steps in a normal Cloud Lifecycle Management environment. You would only reconfigure the Platform Manager to use HTTP in highly-unusual circumstances.

This topic describes how to reconfigure the Linux versions of Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of the default HTTPS. It provides detailed configuration steps to make the secured communication between the components.

Note

Mixing protocols in a BMC Cloud Lifecycle Environment deployment is not supported. All of the BMC Cloud Lifecycle Environment components (for example, AR System Mid Tier, Platform Manager, Quick Start, and the My Cloud Services console) must be in HTTP mode or in HTTPS mode.

Tip

Copy and paste the SSL commands into a text editor, strip out the line breaks, and modify the syntax for your environment.

Before you begin

Take a snapshot of your VMs or back up your servers. This precaution is necessary if you make a mistake and need to roll back your changes!
When importing certificates, keypairs, or keystores, use the JRE embedded with the product or the latest version of JRE/Java installed on your host.
If you are using a Google Chrome browser and encounter the weak ephemeral Diffie-Hellman key error, see KA428034 for a helpful workaround. To review this workaround in context, see To configure AMREPO to work with SSL HTTPS.

Note

BMC tests SSL with OpenSSL generated certificates, as shown in this topic. But most customers in their production environments have root certificates issued by trusted certificate authorities (CA), for example, Symantec.

For detailed steps on creating Root CA certificates or importing self-signed certificates, see Enabling SSL HTTPS on Windows CLM applications that currently use HTTP.

To configure Platform Manager from HTTPS to HTTP with a Self-Signed Certificate

Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate. If you are running HA, you only need to run the following commands on the primary host. SSL-level certification is not required on the secondary HA host.

Make sure the CSM service is running on the primary Platform Manager host.
For example, enter the following command:
ps -ef | grep bmccsm
Verify or update the config.ini file (by default, located at /opt/bmc/BMCCloudLifeCycleManagement/Platform_Manager/configuration) with the following parameters:
org.osgi.service.http.port=7070
jetty.port=7070
jetty.ssl.password=changeit
jetty.ssl.keypassword=changeit
Make sure to save the config.ini file.
Verify or update the the configuration in the ../Platform_Manager/csm-bootstrap.properties file with the following parameters:
PersistenceNodeProtocol=http
NodeProtocol=http
NodePort=7070
PersistenceNodePort=7070
Make sure to save the csm-bootstrap.properties file.
Verify or update the configuration in the ../Platform_Manager/configuration/cloudservices.json file with the following changes:
1. Set the secureJetty attributeValue to false and the description to Use HTTP.
  {
  "cloudClass" : "com.bmc.cloud.model.beans.CloudService",
  "accessValues" : [ {
     "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
     "accessAttribute" : {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "Boolean",
       "description" : "Use HTTP",
       "guid" : "b15fc770-4119-4cd6-bea6-1efdc5ecc768",
       "isOptional" : false,
       "isPassword" : false,
       "length" : 255,
       "modifiableWithoutRestart" : false,
       "name" : "secureJetty"
      },
     "attributeValue" : "false",
     "description" : "Use HTTP",
     "guid" : "2aacb37d-0b0c-48f2-b85f-e010e3705f49",
     "name" : "secureJetty"
    }
2. Set the attributeValue of Jetty port, CSM Local Port, and CSM Global Registry URL to 7070.
  Make sure that you also set the localhost attribute value to "localhost:7070".
  
  {
     "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
     "accessAttribute" : {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "Integer",
       "description" : "Jetty Port",
       "guid" : "f1f036cc-7050-4a08-9e00-2a38cedaeef9",
       "isOptional" : false,
       "isPassword" : false,
       "length" : 255,
       "modifiableWithoutRestart" : false,
       "name" : "jettyPort"
      },
     "attributeValue" : "7070",
     "description" : "Jetty Port",
     "guid" : "e2513a26-1c6c-4fd1-9267-d3ff3d00b94a",
     "name" : "jettyPort"
  }
  {
     "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
     "accessAttribute" : {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "Integer",
       "description" : "CSM Local Port",
       "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
       "isOptional" : false,
       "isPassword" : false,
       "length" : 255,
       "modifiableWithoutRestart" : false,
       "name" : "csm.local.port"
      },
     "attributeValue" : "7070",
     "description" : "CSM Local Port",
     "guid" : "b86fb3c3-d5c8-46dc-8d7d-5be05a392aff",
     "name" : "csm.local.port"
    }
  
  },{
  "cloudClass" : "com.bmc.cloud.model.beans.CloudService",
  "accessValues" : [ {
     "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
     "accessAttribute" : {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "String",
       "description" : "CSM Global Registry URL",
       "guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e",
       "isOptional" : false,
       "isPassword" : false,
       "length" : 255,
       "modifiableWithoutRestart" : false,
       "name" : "csm.global.url"
      },
     "attributeValue" : "localhost:7070",
     "description" : "CSM Global Registry URL",
     "guid" : "45cb9fc3-ac7e-49de-88d4-4d1042c48061",
     "name" : "csm.global.url"
    }, {
     "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
     "accessAttribute" : {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "Integer",
       "description" : "CSM Local Port",
       "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
       "isOptional" : false,
       "isPassword" : false,
       "length" : 255,
       "modifiableWithoutRestart" : false,
       "name" : "csm.local.port"
      },
     "attributeValue" : 7070,
     "description" : "CSM Local Port",
     "guid" : "80e5622d-4dbc-49de-9ca6-deef7627e7f5",
     "name" : "csm.local.port"
    } ],
  "cloudServiceDefinition" :
    "/cloudservicedefinition/4bc19dbb-22e5-4a3d-a294-c3749e2b2947",
  "cloudServiceDefinitionObject" : {
     "cloudClass" : "com.bmc.cloud.model.beans.CloudServiceDefinition",
     "accessAttributes" : [ {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "String",
       "description" : "CSM Global Registry URL",
       "guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e",
       "hasValueObject" : [ {
         "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
         "attributeValue" : "localhost:7070",
         "guid" : "79c5b890-1b4e-4514-8e28-ddd216551b3c",
         "name" : "csm.global.url"
        } ],
       "isOptional" : false,
       "isPassword" : false,
       "length" : 255,
       "modifiableWithoutRestart" : false,
       "name" : "csm.global.url"
      }, {
       "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
       "datatype" : "Integer",
       "description" : "CSM Local Port",
       "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
       "hasValueObject" : [ {
         "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
         "attributeValue" : "7070",
         "guid" : "de64d5ff-ff11-4e2d-b1e0-941072b4ae95",
         "name" : "csm.local.port"
  Make sure to save the cloudservices.json file.
Set the value parameter in the ../Platform_Manager/configuration/PreferenceGroup.json file to http and 7070.
Note
If you plan to have Self-Check Monitor and Cloud Portal Web Application (installed on separate hosts) also on HTTP, make sure the protocol and port values related to these products are updated accordingly.

{
     "cloudClass": "com.bmc.cloud.model.beans.PreferenceGroupNameValuePair",
     "guid": "98d27d82-44fc-41c8-bde0-007f0fa8fc2f",
     "name": "clmui base URL",
     "value": "http://clm-aus-005121/clmui"
},{
Stop the CSM service and then perform the following actions:
1. Back up the cache and data folders in ../Platform_Manager.
2. Back up the org.eclipse.* folders in ../Platform_Manager\configuration.
3. Delete the cache, data, and org.eclipse.* folders.
Update the Platform Manager Root URL in the CMF:PluginConfiguration form on the Cloud Portal and Database AR System server to http and 7070.
Start the CSM service.
Restart the Cloud Portal and Database AR System service.
Use RESTClient to verify the Platform Manager SSL connection by using the SSL link.

To configure Cloud Portal Web Application from HTTPS to HTTP with a Self-Signed Certificate

Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate.

Update /opt/bmc/CloudPortalWebApplication/tomcat/conf/server.xml.
1. Replace the Connector entry:
  
  <Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000"
  keystoreFile="/opt/bmc/CloudPortalWebApplication/clmui/Certificates
  /clmuiSslCertificate.cert"
  keystorePass="changeit" maxThreads="150" port="8443" scheme="https"
  secure="true" sslProtocol="TLS"/>
2. With the following information:
  
  <Connector connectionTimeout="20000" port="9070"
  protocol="HTTP/1.1"
  redirectPort="9443"/>
Restart Cloud Portal Web Application service.
For example:

/opt/bmc/CloudPortalWebApplication/tomcat/bin/shutdown.sh
/opt/bmc/CloudPortalWebApplication/tomcat/bin/startup.sh

To configure CLM Self-Checker from HTTPS to HTTP with a Self-Signed Certificate