cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

SSL on Storage Manager with port re-direct from port 80

Level 9

Here's how you set up SSL on your storage performance monitoring software, Storage Manager Web Console with a port redirect from port 80. This enables users to access the Web site on port 80 with HTTPS automatically used. Storage performance monitoring has never been this easy!

Use the keygen tool to create a Self Signed certificate

  1. Be sure you have Administrator authority.
  2. Enter the following command in a Command prompt:
    C:\Program Files\SolarWinds\Storage Manager Server\jre\bin>keytool -genkey -alias tomcat -keyalg RSA
  3. When prompted, enter a password for the keystore. Remember this password. You will need it in later steps.
  4. You will be prompted for additional information such as your name, address, role, and company. Complete the prompt requests.
  5. The certificate file is created in the Home directory for the user that creates the file, It is called .keystore.
    Example:C:\Users\Administrator
  6. Save this file to a location outside the Storage Manager installation directory.
    Example: C:\STM+Certificate


Edit file server.xml

  1. Open the server.XML file in a text editor.
    C:\Program Files\SolarWinds\Storage Manager Server\conf\server.xml
  2. Comment out the default HTTP Connector port as follows:

        <!--

        <Connector port="9000" maxHttpHeaderSize="8192"

        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

        enableLookups="false" redirectPort="8443" acceptCount="100"

        connectionTimeout="20000" disableUploadTimeout="true" />

        -->

  3. Enter the following HTTP and HTTPS Connectors:

        <Connector port="80" protocol="HTTP/1.1" URIEncoding="UTF-8"

        disableUploadTimeout="true" connectionTimeout="20000"

        acceptCount="100" redirectPort="443" enableLookups="false"

        maxSpareThreads="75" minSpareThreads="25"

        maxThreads="150" maxHttpHeaderSize="8192"/>

        <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

        URIEncoding="UTF-8" disableUploadTimeout="true" connectionTimeout="20000" acceptCount="100"

        redirectPort="443" enableLookups="false" maxSpareThreads="75" minSpareThreads="25"

        keystoreFile="C:\STM_Certificate\.keystore" keystorePass="MyPassword"

        SSLEnabled="true" maxThreads="150"

        scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="8192"/>

  4. You can modify the port numbers to be whatever ports you wish to use for HTTP and HTTPS communications. If you update the HTTPS port make sure you also update 'redirectPort= in the HTTP and HTTPS connectors.
  5. Be sure the HTTPS connector on line 09. 'keystoreFile=' points to the location of the keystore file.
  6. Be sure the HTTPS connector on line 09. 'keystorePass=' defines the password you entered for the keystore file.
  7. Save the file.

Edit file web.xml

  1. Open the web.xml file in a text editor.
    C:\Program Files\SolarWinds\Storage Manager Server\conf\web.xml
  2. Add the following to the file just before the closing </web-app> tag:

        <security-constraint>

        <web-resource-collection>

        <url-pattern>/*</url-pattern>

        <http-method>GET</http-method><http-method>POST</http-method>

        </web-resource-collection>

        <user-data-constraint>

        <transport-guarantee>CONFIDENTIAL</transport-guarantee>

        </user-data-constraint>

        </security-constraint>

Restart SolarWinds Storage Manager Web Services service

  1. Restart the SolarWinds Storage Manager Web Services service. Storage monitoring simplified!

pastedImage_1.png

4 Comments
Level 15

Thanks for the post!

Level 12

Would this work for CA Signed Certs?

Level 11

In theory You can create the keystore with the certificates you want, right now im trying to add an external cert, if i succeed ill let you know

MVP
MVP

Good Post !

About the Author
I joined the SolarWinds ID team because want to use my skills and abilities towards a common goal, and I want know my contributions matter. I want to see the results of my efforts and work toward building something bigger than what I can accomplish on my own. I believe in the mystery of a can-do attitude, I am excited about new opportunities and knowledge, and I am glad to be part of the SolarWinds team. Before joining SolarWinds, I obtained a Masters and Bachelors degrees in Computer Science and spent 5 years with the IBM Tivoli ID team. I was trained as a technical writer to better fulfill my responsibilities in providing tools support to the ID team. In addition to these responsibilities, I lead a work group designed to organize efforts to use Web Analytics and statistics to drive and validate documentation improvement efforts. I transitioned to the Lead UI developer for a Transparent Development project and spent time learning and implementing social media strategies to improve user experience.