+11
Hi Community ,
I want to configure my Commserver Reports to be generated over HTTPS instead of using HTTP.
In Commserver IIS manager , the default configuration is http.
Can any one guide how can we correctly configure reporting over HTTPS using self signed SSL certificate or CA approved SSL certificate ?
Best answer by Stuart Painter
View originalHi
Thanks for the question, this is a tricky task, but we do have steps to configure IIS (Web Service) to operate over HTTPS.
Configuring Secured Access on a Web Service
These aren’t steps to be undertaken lightly, it may be worth running through these in a test environment first if you have the resources.
You will need to use a well known CA or an internal CA signed certificate for this task - please do not attempt to use a self-signed certificate, the Web Service will not operate with Web Console and Command Center with self-signed certificate, it has to be a CA-signed certificate.
Thanks,
Stuart
+11
Iam able to configure my reporting over HTTPS following this documentation but the problem is that my web-console and command center stopped working .
Hi
These are complex changes and since Web Console and Command Center rely on the connectivity to Commserve database that is provided by the Web Service, that’s likely what has gone wrong.
The screenshot shows a response from IIS that a file is not found, somewhere the configuration has gone wrong.
Since these changes are complex, to troubleshoot I would want to see a full set of logs from Web Console / Command Center and Web Server, probably a remote session to check IIS settings.
So on that basis I think raising a support case is the best next step here.
If you would private message me the case number, I can track this internally and cross reference the case with this post.
Thanks,
Stuart
Hi
I have responded to your support case (thanks for PM with the details).
It looks like you have successfully configured IIS and the Web Service to use HTTPS and port 443.
That means System Process ID 4 is probably bound to port 443, which would be confirmed by running command:
netstat -anob | find /i ":443"
However, since the Web Service is now using HTTPS port 443, that means Tomcat and the Web Console / Command Center can no longer start up and bind to this port.
This is indicated because when you request https://server/webconsole/ address you are receiving a 404 - File not found error from IIS (as seen in your screenshot above) - not from Tomcat which has a different format for 404 errors.
Since you have 2 competing services both trying to use HTTPS port 443 and by the looks of things, co-existing on the same server, you will need to reconfigure one of these services to use a different tcp port.
I suggest you move IIS Web Service to another port as web browsers will expect Web Console and Command Center to use HTTPS port 443.
Try reconfiguring Web Service and IIS to use an alternative port such as 8443.
You will need to update the baseUrl setting in the registry to reflect the new port assignment and the other additional settings from Configuring Secured Access on a Web Service with the relevant port.
Thanks,
Stuart
+11
Still , its not working . I have updated details on the case.
Hi
Tracking updates via the case, sharing some info in here for the benefit of the Community.
It looks like you’ve managed to get Web Service successfully moved to HTTPS on port 8443 and the Web Console is up and running again, however with the built-in, self-signed certificate creating during the original installation.
Please note that although Web Console (Apache Tomcat) and Web Service (Microsoft IIS) co-exist on the same server, they are completely separate services and processes, so you will need to add the certificate separately and to both services.
You have successfully applied your certificate to IIS and the Web Service, your next step is to apply your certificate to Tomcat for the Web Console / Command Center.
Creating a CA-Signed Certificate for the Tomcat Server
Configuring the SSL Certificate for Tomcat Server
Then you’ll be good, with web services all operating over HTTPS.
Thanks,
Stuart
+11
Thank you . Finally able to achieve both reporting as well as web services on HTTPS . Certainly not a simple one.
Thanks
I’m pleased to hear this was successful, glad to be of service!
Thanks,
Stuart
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
