This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
TrueSight Middleware Administrator
BMC Middleware Management - Administration for WebSphere MQ
Important notice - please also refer to the BMC Knowledge Article KA423980 for information on how to mitigate the OpenSSL 'FREAK' attack!
Steps to run AppWatch in secured http (https) with Active Directory and SSL and to create self-signed certificate on Windows.
AppWatch by MQSoftware
Steps to run AppWatch with Active Directory and secured http (https) and to create self-signed certificate on Windows.
1. Stop all AppWatch services
2. Copy the 'openssl.cnf' file from <AppWatch install dir\bin\> to <AppWatch install dir\conf\> directory
3. From a DOS prompt, change directory (cd) to the <AppWatch install dir\bin\> directory.
4. From the bin directory, create a server key by running the following command:
openssl genrsa 1024 > server.key
5. From the bin directory, create a self signed certificate by running the following command:
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -config openssl.cnf > server.crt
*This command asks a series of questions. You can skip the first few, but you must answer the 'Common Name' question, for example:
D:\Program Files\AppWatch\bin> openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -config openssl.cnf > server.crt
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) :
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) :
Common Name (e.g., Your AppWatch ServerName) :Enter_Your_AppWatch_Server_HostName_Here
Email Address :
Note: The 'Common Name' value you enter when running the openssl command in step 5 must also replace the word 'localhost' in the 'ServerName' line of the httpd-ssl.conf file in step 9 below.
6. Copy 'server.key' & 'server.crt' files from <AppWatch install dir\bin\> to <AppWatch install dir\conf\> directory.
7. - cd to the <AppWatch install dir\conf\> directory
- Edit the 'httpd.conf' file:
- Comment out the 'Listen 80' and 'ServerName localhost:80' directives by placing a # in front of the lines, i.e., '#Listen 80' and '#ServerName localhost:80'.
Note: Port 80 is the default for http; yours may be different if you are using a non-default port.
- Uncomment the following line:
LoadModule ssl_module modules/mod_ssl.so
- At the end of file uncomment one more line
8. In the <AppWatch install dir\conf\extra\> directory, edit the 'httpd-ssl.conf' file
- uncomment the Listen directive and choose a port that Apache should listen on
e.g., 'Listen 443'
- Edit the 'VirtualHost' tag so it matches the port number given in the
'Listen' directive (above)
e.g. '<VirtualHost _default_:443>'
9. On the ServerName line, the default should look like the following:
The 'localhost' value needs to be changed to match the Common Name you entered in step 5 above,
so after the change, it should look like the following:
Note: Port 443 is the default for https. You can change it to something else if you prefer; however, it must match the port specified in step 8 above.
10. Change the following lines to point to the location where you copied the 'server.key' and 'server.crt' files in step 6 (the <AppWatch install dir\conf\> directory):
SSLCertificateFile "D:/Program Files/AppWatch/conf/server.crt"
SSLCertificateKeyFile "D:/Program Files/AppWatch/conf/server.key"
11. If you're using IE (Internet Explorer), the following lines need to be commented out by placing a # sign in front of each line:
#BrowserMatch ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
12. Start all AppWatch services
13. The URL should now be: https://YourAppWatchServerHostname:443
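The following is an added example, not part of the BMC article: a Python check that the edits from steps 8 to 10 agree with each other and with the Common Name from step 5, and that reports the key size and signature hash produced by the commands in steps 4 and 5. The sample configuration, the host name and the function names are constructed for illustration; the certificate text is assumed to be output from `openssl x509 -in server.crt -noout -text`, and ServerName is assumed to use the host:port form.

```python
import re

# Constructed samples (placeholder host name): the directives edited in steps
# 8-10, and the relevant lines of `openssl x509 -in server.crt -noout -text`.
SAMPLE_CONF = '''
Listen 443
<VirtualHost _default_:443>
ServerName appwatch01.example.com:443
SSLCertificateFile "D:/Program Files/AppWatch/conf/server.crt"
SSLCertificateKeyFile "D:/Program Files/AppWatch/conf/server.key"
</VirtualHost>
'''
SAMPLE_CERT_TEXT = '''
    Signature Algorithm: sha1WithRSAEncryption
        Subject: CN = appwatch01.example.com
                Public-Key: (1024 bit)
'''

def active_directives(conf_text):
    """Map each uncommented directive (or <Section> opener) to its arguments."""
    found = {}
    for line in map(str.strip, conf_text.splitlines()):
        m = re.match(r"<?(\w+)\s+(.*?)>?$", line)  # '#...' and '</...' never match
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return found

def check(conf_text, cert_text):
    """Return a list of findings; an empty list means nothing to fix."""
    d, out = active_directives(conf_text), []
    ports = {p.rsplit(":", 1)[-1] for p in d.get("Listen", [])}
    for vhost in d.get("VirtualHost", []):
        if vhost.rsplit(":", 1)[-1] not in ports:
            out.append(f"VirtualHost {vhost} matches no active Listen port")
    # Common Name of the certificate subject ("" if the text has none)
    cn = (re.search(r"Subject:.*?CN\s*=\s*([^,/\s]+)", cert_text) or [None, ""])[1]
    for name in d.get("ServerName", ["<missing>"]):
        host, _, port = name.partition(":")
        if host.lower() != cn.lower():
            out.append(f"ServerName {host} != certificate Common Name {cn}")
        if port and port not in ports:
            out.append(f"ServerName port {port} matches no active Listen port")
    out += [f"{k} is not set"
            for k in ("SSLCertificateFile", "SSLCertificateKeyFile") if k not in d]
    bits = re.search(r"Public[- ]Key: \((\d+) bit\)", cert_text)
    if bits and int(bits.group(1)) < 2048:
        out.append(f"RSA key is {bits.group(1)} bits (below 2048)")
    if re.search(r"Signature Algorithm: (sha1|md5)", cert_text, re.I):
        out.append("certificate is signed with SHA-1 or MD5")
    return out
```

Run against the constructed samples, `check(SAMPLE_CONF, SAMPLE_CERT_TEXT)` reports only the 1024-bit key and the SHA-1 signature, which is what `openssl genrsa 1024` and `-sha1` generate.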