Troubleshooting Tips > Run SCP in SSL

Run SCP in SSL

Tags:  
Requirement:

To run SupportCenter in https mode and allow the end user to access MSP through the URL https://monitor.domain.com/ and SupportCenter through https://support.domain.com/

x.x.x.x is the ip address that will point to https://support.domain.com/  and y.y.y.y is the IpAddress that will point to https://monitor.domain.com/ .

Note: Move to 6004(or above) build before you proceed with this.

Steps:

For Windows Users:
  • Stop the Central Server if Running.
  • Take a backup of file <central-home>/supportcenter/lib/AdventNetDeploymentSystem.jar
  • Extract the patch ssl.zip over <Central-Home> directory,if it ask for replaceing the file AdventNetDeploymentSystem.jar you can click yes.
  • Execute changeWebServerPort.bat under <Central-Home>\supportcenter\bin directory to configure SCP to run in https mode in the port 443.
    • e.g <central-home>\supportcenter\bin>changeWebServerPort 443 https
    • Note: If you had installed the server in "Program Files" folder,then please goto the above folder as shown here                                                     "C:\>cd  C:\Progra~1\AdventNet\ME\Central\supportenter\bin".
  • If the User gets ThirdParty SSL Certificate for this HelpDesk along wih Central,then do the 14th step in  http://msp.wiki.zoho.com/Generate-a-new-SSL-key-and-get-certified-by-a-CA.html.
  • Execute the following commands to merge the scp.keystore file with the https.truststore
    • <central-home>/bin>..\jre\bin\keytool -export -v -rfc -alias asc -file scpcert.txt -keystore ..\supportcenter\server\default\conf\scp.keystore -keypass scpsecured -storepass scpsecured
    • <central-home>/bin>..\jre\bin\keytool -import -alias SCPSSL -keystore ..\conf\https.truststore -file scpcert.txt -storepass storepw -noprompt
  • Edit the serverparameters.conf under <central-home>\conf directory to have the rmiregistry run at port 2099.You need to include the below line in the file
    • Remove the # before the line RMI_REG_PORT 1099 and edit this line as below
    • RMI_REG_PORT  2099
  • Edit the sample-bindings.xml under <central-home>\supportcenter\server\default\conf directory to have the naming service run at 1099 port.Edit the service-config tag corresponding to naming service and change the port no value from 0 to 1099
    •   <service-config delegateClass="org.jboss.services.binding.AttributeMappingDelegate" name="jboss:service=Naming">
         <delegate-config hostName="BindAddress" portName="Port">
             <attribute name="RmiPort">0</attribute>
               </delegate-config>
               <binding host="${jboss.bind.address}" port="1099"/>
            </service-config>
  • You need to bind MSP to use one ip address and SCP to another ip address.Say ur machine is configured with two ipaddress x.x.x.x and y.y.y.y.
    • To bind SCP to x.x.x.x edit the run.bat present in <central-home>\supporcenter\bin directory(search for the non bold part in that file) and add an argument(which is in bold) as follows
      • set ARGS = %ARGS% -LAdventNetDeploymentSystem.jar -bx.x.x.x

    • To bind MSP to y.y.y.y edit the serverparamertes.conf in <central-home>\conf directory and change the APACHE_SERVER_NAME & LISTEN_INTERFACE parameter as
      • APACHE_SERVER_NAME y.y.y.y
      • LISTEN_INTERFACE y.y.y.y

    • Also include a new paramenter SCP_LISTEN_INTERFACE in serverparameters.conf(as a new line below LISTEN_INTERFACE y.y.y.y  line) and point it to the SCP ipaddress
      • SCP_LISTEN_INTERFACE x.x.x.x
  • You need to edit the <central-home>/bin/supportcenter.bat file.
    • line to be changed "call shutdown.bat -e 0 nopause "
    • it should look like "call shutdown.bat -e 0 nopause --server=x.x.x.x"
  • Goto <central-home>\supportcenter\server\default\conf\TrayIconInfo.xml and add "ipToBind" parameter to the following line:
    <SDP-PROPERTIES RequestScheme="https" WebPort="443" />
    Now the line would look like
    <SDP-PROPERTIES RequestScheme="https" WebPort="443" ipToBind="x.x.x.x"/>
  • Uncomment the following line in the same file:
    <!--ADDITIONALPARAMS ParamName="ipToBind" ParamValue="-bx.x.x.x"/-->
    Now the line would look like
    <ADDITIONALPARAMS ParamName="ipToBind" ParamValue="-bx.x.x.x"/>
  • Now copy the file scp.keystore from "<central-home>/supportcenter/server/default/conf/" to "<central-home>/supportcenter/server/server/default/conf"(Create this destination conf directory if it is not there and place the scp.keystore file here).
  • Now configure your ipaddress x.x.x.x to point to support.domain.com and ipaddress y.y.y.y to monitor.domain.com

If the problem still persists contact mspsupport@opmanager.com for further assistance.
Thank you.



 RSS of this page

rtttrrb