Summary
APM - Configuring Secure Access to Apache
Question
Configuring Secure Access to Apache
Answer
If you are using an Apache web server on the APM Gateway server, and you decide to use TLS, you must configure the web server as described in this section. For more information, see http://httpd.apache.org/docs/2.4/en/ssl/.
1. Prepare the server certificate
a. Obtain a server certificate, signed by your certificate authority, that is issued to the name of the APM Gateway server. Typically this certificate comes in PKCS#12 format with a password-protected private key.
b. Separate the private key from the server certificate (which holds the public key) using the openssl utility.
For example: Go to HPBSM\WebServer\bin, run openssl, and use the following commands:
pkcs12 -in c:\bsmcert.pfx -clcerts -nokeys -out c:\bsm_server_cert.pem
pkcs12 -in c:\bsmcert.pfx -nocerts -nodes -out c:\bsm_server_key.pem
2. Update the Apache TLS configuration file
a. Go to <APM Gateway Installation Directory>\WebServer\conf\extra
b. Open httpd-ssl.conf in a text editor.
c. Look for the following lines and replace the file names in quotation marks with the paths to the files produced in step 1.
SSLCertificateFile "c:/bsm_server_cert.pem"
SSLCertificateKeyFile "c:/bsm_server_key.pem"
d. Locate the line starting with ServerName and verify that it is the name the server certificate was issued to.
e. Save and close the file.
3. Enable TLS
a. Go to <APM Gateway Installation Directory>\WebServer\conf\
b. Open httpd.conf in a text editor.
c. Search the file for the string ssl to locate and uncomment the following lines (they are not consecutive):
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
d. Save and close the file.
4. When you have verified that the HTTPS connection works, if you want to disable clear-text communication, close the HTTP port by commenting out the line Listen 80 in the <APM Gateway Installation Directory>\WebServer\conf\httpd.conf file.
5. Restart the Apache web service
> In Windows:
a. Go to Start > Run and type services.msc.
b. Locate Business Service Management Web Server.
c. Restart the Service.
d. Test your HTTPS connection to the APM Server to make sure you can log in. For example:
https://<APM Gateway Server>/topaz.
> In Linux:
Run /opt/HP/BSM/WebServer/bin/apache2start.sh.
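
The following added example (not part of the original article or the product) checks the edits from steps 2 to 4 before you restart the web server: that the two lines in httpd.conf are uncommented, whether Listen 80 is still active, and that ServerName matches the name on the certificate. The sample file contents, the host name apm-gw.example.com, and the function names are constructed for illustration.

```python
# Constructed sample of httpd.conf after steps 3 and 4 (not a real APM file).
HTTPD_CONF = """\
#Listen 80
LoadModule ssl_module modules/mod_ssl.so
#LoadModule status_module modules/mod_status.so
Include conf/extra/httpd-ssl.conf
"""

# Constructed sample of conf/extra/httpd-ssl.conf after step 2.
# The host name is a placeholder.
HTTPD_SSL_CONF = """\
Listen 443
<VirtualHost _default_:443>
    ServerName apm-gw.example.com:443
    SSLEngine on
    SSLCertificateFile "c:/bsm_server_cert.pem"
    SSLCertificateKeyFile "c:/bsm_server_key.pem"
</VirtualHost>
"""


def active_directives(text):
    """Return (lowercased name, normalised args) for each uncommented directive."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":      # skip comments and section tags
            continue
        name, *rest = line.split(None, 1)
        found.append((name.lower(), " ".join(rest[0].split()) if rest else ""))
    return found


def audit_tls_config(httpd_conf, ssl_conf, cert_host):
    """Check the edits from steps 2 to 4; cert_host is the name on the certificate."""
    main = active_directives(httpd_conf)
    ssl = dict(active_directives(ssl_conf))  # a later duplicate overrides an earlier one
    # ServerName may carry a scheme and a port; keep only the host part.
    host = ssl.get("servername", "").split("//")[-1].split(":")[0]
    return {
        "ssl_module_loaded": ("loadmodule", "ssl_module modules/mod_ssl.so") in main,
        "ssl_conf_included": ("include", "conf/extra/httpd-ssl.conf") in main,
        # Listen may be "80", "0.0.0.0:80" or "80 http"; compare the port only.
        "http_port_closed": not any(
            n == "listen" and a.split()[0].rsplit(":", 1)[-1] == "80" for n, a in main if a),
        "server_name_matches": bool(host) and host.lower() == cert_host.lower(),
        "cert_file": ssl.get("sslcertificatefile", "").strip('"'),
        "key_file": ssl.get("sslcertificatekeyfile", "").strip('"'),
    }
```

To audit a real installation, read httpd.conf and conf/extra/httpd-ssl.conf from the WebServer\conf directory and pass their contents in place of the constructed samples.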