8.27 Configuring Viewpoint to Use SSL

Adaptive Computing strongly recommends using Viewpoint on a secure channel (SSL).

This topic explains how to enable SSL for Viewpoint.

The steps in this topic must be performed before you set up the connection to MWS.

Do the following in order:

8.27.1 Create a Self-Signed Certificate

Do the following:

  1. Generate a private key.
    [root]# openssl genrsa -out server.key 1024

    This will create an unencrypted private key. It is recommended that this private key has only root privileges.

    If you want to encrypt this private key (add a passphrase), do the following:

    [root]# openssl genrsa -des3 -out server.key 1024
  2. Generate the certificate signing request from the private key (what is used to create a self-signed certificate).
    [root]# openssl req -new -key server.key -out server.csr
    1. If you encrypted the private key, enter the passphrase when prompted.
    2. Enter the certificate metadata when prompted. For example:
      ...

      Country Name (2 letter code) [XX]:US

      State or Province Name (full name) []:Utah

      Locality Name (eg, city) [Default City]:Provo

      Organization Name (eg, company) [Default Company Ltd]:Adaptive Computing Enterprises, Inc.

      Organizational Unit Name (eg, section) []:Engineering

      Common Name (eg, your name or your server's hostname) []:test1.adaptivecomputing.com

      ...

  3. Generate the self-signed certificate from the CSR.
    [root]# openssl x509 -req -in server.csr -signkey server.key -out server.crt

You should have both a private key (server.key) and a certificate (server.crt).

8.27.2 Enable SSL for Viewpoint

Do the following:

  1. Install the Apache SSL Module.
    • Red Hat 6-based or Red Hat 7-based systems
      [root]# yum install mod_ssl
  2. Install the private key and certificate you generated earlier in this topic.
    [root]# chmod 400 server.key server.crt
    [root]# chown root:root server.key server.crt
    [root]# cp -p server.key server.crt /etc/httpd
  3. Edit /etc/httpd/conf.d/viewpoint.conf as follows:
    Listen 443
    LoadModule ssl_module modules/mod_ssl.so
    
    <VirtualHost *:443>
    
        SSLEngine On
        SSLCertificateKeyFile /etc/httpd/server.key
        SSLCertificateFile /etc/httpd/server.crt
    
        ---
    
    </VirtualHost>

    Viewpoint needs its own VirtualHost on its own port. Therefore, if Apache is serving pages or applications besides Viewpoint over SSL, choose a port for Viewpoint besides 443.

  4. Start or restart Apache.
    • Red Hat 6-based systems
      [root]# service httpd restart
    • Red Hat 7-based systems
      [root]# systemctl restart httpd.service

Related Topics