3859

Setting up the UMP (wasp) to use SSL

Discussion created by 3859 on Nov 17, 2010

There are two methods to enable UMP SSL access. The first (and recommended) way is to use the SDP-DMZ install which will install an Apache proxy server on a host in the DMZ which can then be configured for SSL using standard Apache instructions (See attached file for some basic instructions).

The second method is to go the SSL on the UMP server route.  You would first enable SSL within the wasp.cfg file and verify that the SSL server is now responding (good thing). After that you will not be able to complete the instructions provided in the documentation on P32:

 

1)      There is not an installed an SDP instance on the UMP server.  According to the documentation, there should be something called “Service Delivery Portal” under Start->All Programs -> Nimsoft Monitoring, but there isn't.  This will cause a problem with the following steps:

 

 “Use the URL http://localhost/wasp_upload_certificate.jsp to upload the two certificates received from the Certificate Authority”

                  i.       Hitting that link (on the UMP server) just re-directs to the default login page

As a result, we can’t add our own certificates to the keystore.   

                  i.      Using the keytool (and the password provided in the wasp.cfg file) fails indicating it’s a bad password (or a corrupt file).

In order to upload the certificates from the Certificate Authority using the keytool/standard SSL tools, you will need to reinitialize the keystore password. 

On a recent wasp (2.71 or newer) you can run "ssl_reinitialize_keystore" callback where you can specify your own password for the keystore. Once reinitialized you can use standard SSL tools to manipulate the keystore. Using the Infrastructure Manager, single click on the wasp probe, then type Ctrl-p. This will bring up the probe Utility GUI. Find the callback mentioned above in the drop down box at top. Then fill in the arguments needed.

Outcomes