BMC Middleware Management - Administration for WebSphere MQ (AppWatch): How to run the product over secured http (https) with Active Directory and SSL and create a self-signed certificate on Windows

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    TrueSight Middleware Administrator


    APPLIES TO:

    BMC Middleware Management - Administration for WebSphere MQ



    QUESTION:

    Important notice - please also refer to the BMC Knowledge Article KA423980 for information on how to mitigate the OpenSSL 'FREAK' attack!

    Question
      

    Steps to run AppWatch over secured http (https) with Active Directory and SSL and to create a self-signed certificate on Windows.

      
    Applies to
      

    BMC Middleware Management - Administration for WebSphere MQ
    AppWatch by MQSoftware


    ANSWER:

     

    Legacy ID: KA408167

      

    Steps to run AppWatch with Active Directory over secured http (https) and to create a self-signed certificate on Windows.

    1. Stop all AppWatch services
    2. Copy the 'openssl.cnf' file from <AppWatch install dir\bin\> to <AppWatch install dir\conf\> directory
    3. From a DOS prompt, change directory (cd) to the <AppWatch install dir\bin\> directory.
    4. From the bin directory, create a server key by running the following command:

    openssl genrsa 1024 > server.key

    5. From the bin directory, create a self-signed certificate by running the following command:

    openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -config openssl.cnf > server.crt

    * This command asks several questions. You can ignore the first few and respond only to the 'Common Name' question, for example:

    D:\Program Files\AppWatch\bin> openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -config openssl.cnf > server.crt
    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank.
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g., Your AppWatch ServerName) []:Enter_Your_AppWatch_Server_HostName_Here
    Email Address []:

    Note: The 'Common Name' value you enter when running the openssl command in step 5 must also replace the word 'localhost' on the 'ServerName' line of the httpd-ssl.conf file in step 9 below.

    6. Copy 'server.key' & 'server.crt' files from <AppWatch install dir\bin\> to <AppWatch install dir\conf\> directory.
    7. Change directory (cd) to the <AppWatch install dir\conf\> directory and edit the 'httpd.conf' file:
    - Comment out the 'Listen 80' and 'ServerName localhost:80' directives by placing a # in front of each line, i.e.:

    #Listen 80
    #ServerName localhost:80

    Note: Port 80 is the default for http; in your case it could be something else if you're using a non-default port.

    - Uncomment the following line:
    LoadModule ssl_module modules/mod_ssl.so

    - At the end of the file, uncomment one more line:
    Include conf/extra/httpd-ssl.conf

    8. In the <AppWatch install dir\conf\extra\> directory, edit the 'httpd-ssl.conf' file:
    - Uncomment the Listen directive and choose a port that Apache should listen on, e.g. 'Listen 443'

    - Edit the 'VirtualHost' tag so it matches the port number given in the 'Listen' directive (above), e.g. '<VirtualHost _default_:443>'

    9. On the ServerName line, the default should look like the following:

    ServerName localhost:443

    The 'localhost' value needs to be changed to match the Common Name you entered in step 5 above, so after the change it should look like the following:

    ServerName Enter_Your_AppWatch_Server_HostName_Here:443

    Note: Port 443 is the default for https; you can change it to something else if you prefer, but it must match the port specified in step 8 above.

    10. Change the following lines to point to the directory where you copied the 'server.key' and 'server.crt' files in step 6 (the <AppWatch install dir\conf\> directory):

    SSLCertificateFile "D:/Program Files/AppWatch/conf/server.crt"
    SSLCertificateKeyFile "D:/Program Files/AppWatch/conf/server.key"

    11. If you're using IE (Internet Explorer), comment out the following lines by placing a # sign in front of each line:

    #BrowserMatch ".*MSIE.*" \
    # nokeepalive ssl-unclean-shutdown \
    # downgrade-1.0 force-response-1.0

    12. Start all AppWatch services
    13. The URL should now be: https://YourAppWatchServerHostname:443
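
A consistency check for the edits in steps 7 to 10, as an added example (not BMC's code and not part of the original article): it reads the two configuration files as text and reports where the Listen port, VirtualHost port, ServerName and certificate paths disagree with each other or with the Common Name from step 5. The function names, the sample file contents and the host name mqadmin01 are constructed for illustration.

```python
import re
def active_directives(conf_text):
    """Return (name, args) for each uncommented directive, names lower-cased."""
    found = []
    for line in conf_text.splitlines():
        # '#' comments, blanks and closing tags do not match; "<VirtualHost x>" reads as "VirtualHost x".
        m = re.match(r"<?([A-Za-z]\w*)\s*(.*?)>?$", line.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).strip().strip('"')))
    return found

def check_https_setup(httpd_conf, ssl_conf, common_name):
    """Return findings for steps 7-10; an empty list means the files agree."""
    main, ssl = active_directives(httpd_conf), active_directives(ssl_conf)
    get = lambda directives, name: [a for n, a in directives if n == name]
    findings = []
    if get(main, "listen"):
        findings.append("step 7: a plain-http Listen is still active in httpd.conf")
    if not any(a.split()[:1] == ["ssl_module"] for a in get(main, "loadmodule")):
        findings.append("step 7: LoadModule ssl_module is still commented out")
    if "conf/extra/httpd-ssl.conf" not in get(main, "include"):
        findings.append("step 7: Include conf/extra/httpd-ssl.conf is still commented out")
    listen = get(ssl, "listen")
    port = listen[0].rpartition(":")[2] if listen else None
    if port is None:
        findings.append("step 8: no active Listen directive in httpd-ssl.conf")
    for vhost in get(ssl, "virtualhost"):
        if vhost.rpartition(":")[2] != port:
            findings.append(f"step 8: VirtualHost {vhost} does not match Listen port {port}")
    for name in get(ssl, "servername") or [""]:  # "" reports a missing ServerName
        host, _, name_port = name.partition(":")
        if host.lower() != common_name.lower():
            findings.append(f"step 9: ServerName host '{host}' is not the Common Name '{common_name}'")
        if name_port != port:
            findings.append(f"step 9: ServerName port '{name_port}' does not match Listen port {port}")
    for directive, fname in (("sslcertificatefile", "server.crt"), ("sslcertificatekeyfile", "server.key")):
        paths = get(ssl, directive)
        if not paths or not paths[0].replace("\\", "/").endswith("/conf/" + fname):
            findings.append(f"step 10: {directive} does not point at conf/{fname}")
    return findings

# Constructed sample contents (not from a real installation); mqadmin01 is a made-up host name.
HTTPD_CONF = ("#Listen 80\n#ServerName localhost:80\n"
              "LoadModule ssl_module modules/mod_ssl.so\nInclude conf/extra/httpd-ssl.conf\n")
SSL_CONF = ('Listen 443\n<VirtualHost _default_:8443>\nServerName localhost:443\n'
            'SSLCertificateFile "D:/Program Files/AppWatch/conf/server.crt"\n'
            'SSLCertificateKeyFile "D:/Program Files/AppWatch/bin/server.key"\n</VirtualHost>\n')
if __name__ == "__main__":
    print("\n".join(check_https_setup(HTTPD_CONF, SSL_CONF, "mqadmin01")))
```

To check a real installation, pass the text of httpd.conf and httpd-ssl.conf read from the conf directories, together with the Common Name entered in step 5.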

      
    Related Products:

    1. BMC Middleware Management - Administration for WebSphere MQ Family
    2. BMC Middleware Management - Administration for WebSphere MQ

     


    Article Number:

    000030919


    Article Type:

    FAQ/Procedural


