Reconfiguring Linux Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of HTTPS

Warning

Most BMC customers should not need to use these steps in a normal Cloud Lifecycle Management environment. You would only reconfigure the Platform Manager to use HTTP in highly-unusual circumstances.

This topic describes how to reconfigure the Linux versions of Platform Manager, Windows Cloud Portal, and Self-Checker to use HTTP instead of the default HTTPS. It provides detailed configuration steps to make the secured communication between the components.

Note

Mixing protocols in a BMC Cloud Lifecycle Environment deployment is not supported. All of the BMC Cloud Lifecycle Environment components (for example, AR System Mid Tier, Platform Manager, Quick Start, and the My Cloud Services console) must be in HTTP mode or in HTTPS mode.

Tip

Copy and paste the SSL commands into a text editor, strip out the line breaks, and modify the syntax for your environment.

Before you begin

  • Take a snapshot of your VMs or back up your servers. This precaution is necessary if you make a mistake and need to roll back your changes! 
  • When importing certificates, keypairs, or keystores, use the JRE embedded with the product or the latest version of JRE/Java installed on your host. 
  • If you are using a Google Chrome browser and encounter the weak ephemeral Diffie-Hellman key error, see KA428034 for a helpful workaround. To review this workaround in context, see To configure AMREPO to work with SSL HTTPS.

Note

BMC tests SSL with OpenSSL generated certificates, as shown in this topic.  But most customers in their production environments have root certificates issued by trusted certificate authorities (CA), for example, Symantec.

To configure Platform Manager from HTTPS to HTTP with a Self-Signed Certificate

Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate. If you are running HA, you only need to run the following commands on the primary host. SSL-level certification is not required on the secondary HA host. 

  1. Make sure the CSM service is running on the primary Platform Manager host. 
    For example, enter the following command:
    ps -ef | grep bmccsm 

  2. Verify or update the config.ini file (by default, located at /opt/bmc/BMCCloudLifeCycleManagement/Platform_Manager/configuration) with the following parameters:

    org.osgi.service.http.port=7070
    jetty.port=7070
    jetty.ssl.password=changeit
    jetty.ssl.keypassword=changeit

    Make sure to save the config.ini file.

  3. Verify or update the the configuration in the ../Platform_Manager/csm-bootstrap.properties file with the following parameters:

     PersistenceNodeProtocol=http
    NodeProtocol=http
    NodePort=7070
    PersistenceNodePort=7070

    Make sure to save the csm-bootstrap.properties file.

  4. Verify or update the configuration in the ../Platform_Manager/configuration/cloudservices.json file with the following changes:
    1. Set the secureJetty attributeValue to false and the description to Use HTTP.

       {
        "cloudClass" : "com.bmc.cloud.model.beans.CloudService",
        "accessValues" : [ {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "Boolean",
            "description" : "Use HTTP",
            "guid" : "b15fc770-4119-4cd6-bea6-1efdc5ecc768",
            "isOptional" : false,
            "isPassword" : false,
            "length" : 255,
            "modifiableWithoutRestart" : false,
            "name" : "secureJetty"
          },
          "attributeValue" : "false",
          "description" : "Use HTTP",
          "guid" : "2aacb37d-0b0c-48f2-b85f-e010e3705f49",
          "name" : "secureJetty"
        }
    2. Set the attributeValue of Jetty portCSM Local Port, and CSM Global Registry URL to 7070
      Make sure that you also set the localhost attribute value to "localhost:7070"

       {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "Integer",
            "description" : "Jetty Port",
            "guid" : "f1f036cc-7050-4a08-9e00-2a38cedaeef9",
            "isOptional" : false,
            "isPassword" : false,
            "length" : 255,
            "modifiableWithoutRestart" : false,
            "name" : "jettyPort"
          },
          "attributeValue" : "7070",
          "description" : "Jetty Port",
          "guid" : "e2513a26-1c6c-4fd1-9267-d3ff3d00b94a",
          "name" : "jettyPort"
       }
      {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "Integer",
            "description" : "CSM Local Port",
            "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
            "isOptional" : false,
            "isPassword" : false,
            "length" : 255,
            "modifiableWithoutRestart" : false,
            "name" : "csm.local.port"
          },
          "attributeValue" : "7070",
          "description" : "CSM Local Port",
          "guid" : "b86fb3c3-d5c8-46dc-8d7d-5be05a392aff",
          "name" : "csm.local.port"
        }
       
      },{
        "cloudClass" : "com.bmc.cloud.model.beans.CloudService",
        "accessValues" : [ {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "String",
            "description" : "CSM Global Registry URL",
            "guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e",
            "isOptional" : false,
            "isPassword" : false,
            "length" : 255,
            "modifiableWithoutRestart" : false,
            "name" : "csm.global.url"
          },
          "attributeValue" : "localhost:7070",
          "description" : "CSM Global Registry URL",
          "guid" : "45cb9fc3-ac7e-49de-88d4-4d1042c48061",
          "name" : "csm.global.url"
        }, {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "Integer",
            "description" : "CSM Local Port",
            "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
            "isOptional" : false,
            "isPassword" : false,
            "length" : 255,
            "modifiableWithoutRestart" : false,
            "name" : "csm.local.port"
          },
          "attributeValue" : 7070,
          "description" : "CSM Local Port",
          "guid" : "80e5622d-4dbc-49de-9ca6-deef7627e7f5",
          "name" : "csm.local.port"
        } ],
        "cloudServiceDefinition" : 
         "/cloudservicedefinition/4bc19dbb-22e5-4a3d-a294-c3749e2b2947",
        "cloudServiceDefinitionObject" : {
          "cloudClass" : "com.bmc.cloud.model.beans.CloudServiceDefinition",
          "accessAttributes" : [ {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "String",
            "description" : "CSM Global Registry URL",
            "guid" : "5f49c658-e3fb-4ace-95aa-d5c13636a82e",
            "hasValueObject" : [ {
              "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
              "attributeValue" : "localhost:7070",
              "guid" : "79c5b890-1b4e-4514-8e28-ddd216551b3c",
              "name" : "csm.global.url"
            } ],
            "isOptional" : false,
            "isPassword" : false,
            "length" : 255,
            "modifiableWithoutRestart" : false,
            "name" : "csm.global.url"
          }, {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "Integer",
            "description" : "CSM Local Port",
            "guid" : "9ceda25b-b408-4f38-bf78-26fc8a941ced",
            "hasValueObject" : [ {
              "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
              "attributeValue" : "7070",
              "guid" : "de64d5ff-ff11-4e2d-b1e0-941072b4ae95",
              "name" : "csm.local.port"

      Make sure to save the cloudservices.json file.

  5. Set the value parameter in the ../Platform_Manager/configuration/PreferenceGroup.json file to http and 7070.

    Note

    If you plan to have Self-Check Monitor and Cloud Portal Web Application (installed on separate hosts) also on HTTP, make sure the protocol and port values related to these products are updated accordingly.

     {
          "cloudClass": "com.bmc.cloud.model.beans.PreferenceGroupNameValuePair",
          "guid": "98d27d82-44fc-41c8-bde0-007f0fa8fc2f",
          "name": "clmui base URL",
          "value": "http://clm-aus-005121/clmui"
      },{
  6. Stop the CSM service and then perform the following actions:

    1. Back up the cache and data folders in ../Platform_Manager
    2. Back up the org.eclipse.* folders in ../Platform_Manager\configuration.
    3. Delete the cachedata, and org.eclipse.* folders.

  7. Update the Platform Manager Root URL in the CMF:PluginConfiguration form on the Cloud Portal and Database AR System server to http and 7070
     

  8. Start the CSM service.

  9. Restart the Cloud Portal and Database AR System service.

  10. Use RESTClient to verify the Platform Manager SSL connection by using the SSL link.

To configure Cloud Portal Web Application from HTTPS to HTTP with a Self-Signed Certificate

Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate. 

  1. Update /opt/bmc/CloudPortalWebApplication/tomcat/conf/server.xml
    1. Replace the Connector entry:

      <Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000" 
      keystoreFile="/opt/bmc/CloudPortalWebApplication/clmui/Certificates
      /clmuiSslCertificate.cert" 
      keystorePass="changeit" maxThreads="150" port="8443" scheme="https" 
      secure="true" sslProtocol="TLS"/>
    2. With the following information:

       <Connector connectionTimeout="20000" port="9070" 
      protocol="HTTP/1.1" 
      redirectPort="9443"/>
  2. Restart Cloud Portal Web Application service.
    For example:

    /opt/bmc/CloudPortalWebApplication/tomcat/bin/shutdown.sh
    /opt/bmc/CloudPortalWebApplication/tomcat/bin/startup.sh

To configure CLM Self-Checker from HTTPS to HTTP with a Self-Signed Certificate

 Use the following steps to configure HTTPS to HTTP using a Self-Signed Certificate. 

  1. Update /opt/bmc/selfchecker/tomcat/conf/server.xml
    1. Replace the Connector entry:

      <Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000" 
      keystoreFile="/opt/bmc/selfchecker/selfchecker/Certificates
      /selfcheckSslCertificate.cert" 
      keystorePass="changeit" maxThreads="150" port="8443" scheme="https" 
      secure="true" sslProtocol="TLS"/>
    2. With the following information:

      <Connector connectionTimeout="20000" port="8090" protocol="HTTP/1.1" 
      redirectPort="8443"/>
  2. Restart the Self Checker service.

    For example:

     
    /opt/bmc/selfchecker/tomcat/bin/shutdown.sh
    /opt/bmc/selfchecker/tomcat/bin/startup.sh

Related topic

Using CLM applications with third-party Certification Authority certificates


Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Ranu Ganguly

    Hi Manoj, Is this step removal process applicable for 4.5 as well?

    Aug 22, 2017 03:12