...

...

  1. Create a certificate keystore on the Apache Tomcat server. This file is saved in the folder <Precise_root>\products\gui\website as a certificate .keystore file.
    1. Before you create the .keystore file, delete the alias tomcat if it already exists. To delete the alias, run the following command from the <Precise_root> folder on the Precise FocalPoint:
      • Windows
        java\JRE\bin\keytool -delete -alias tomcat -keystore products\gui\website\.keystore

        Info

        For the password, use "changeit". For the question "What is your first and last name?", answer with the server name used in the URL for the Precise GUI.

      • UNIX
        java/JRE/bin/keytool -delete -alias tomcat -keystore products/gui/website/.keystore
    2. To create your own certificate, run the following command from the <Precise_root> folder on the Precise FocalPoint:
      • Windows
        java\JRE\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore products\gui\website\.keystore -validity 3000

      • UNIX
        java/JRE/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore products/gui/website/.keystore -validity 3000

        Info

        For the password, use "changeit". For the name, use the host as displayed in the URL.

  2. In the file <Precise_root>\products\gui\website\conf\server.xml:
    1. Add comment tags around the non-SSL <Connector> tag, which is preceded by the remark "<!-- Define a non-SSL HTTP/1.1 ...->".
    2. Remove the comment tags around the SSL <Connector> tag, which is preceded by the remark "<!-- Define a SSL Coyote HTTP/1.1 ...->".
  3. Restart the Precise FocalPoint process on the UNIX server. Restart the Precise FocalPoint service and the Precise user interface service on the Windows server.
  4. Open the Precise application using HTTPS.
    For example:
    https://<host>:<port>

    Info

    After restarting the Precise FocalPoint, the SSL port changes to the default port added by the user during installation. If you want to use a different port, you can change the port as described in the Change GUI server port section in the Precise CLI Utility.


    When Precise is first launched in a client, a security alert is displayed with the certificate details. You should sign your certificate with a trusted root authority (such as VeriSign). Alternatively, you can install the certificate on each client server that uses the Precise GUI.

  5. In AdminPoint, click the Setup tab and click Nodes in the drop-down menu.

  6. In the Nodes tab, click Edit to update the URL of the node for which you configured the SSL, according to step 4. In addition, if you are working with the Precise Custom Portal, the following configuration must be performed.

...
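
A check for step 2 of the HTTPS procedure above, added here as an example and not taken from the Precise documentation: it parses server.xml and reports any non-SSL <Connector> that is still active, or a missing SSL connector. The sample file contents and port numbers are constructed; the attribute names (SSLEnabled, scheme, secure) are standard Tomcat Connector attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SSL connector is enabled, but the non-SSL
# connector was left active (ports are made up for the example).
PLAIN = '<Connector port="20790" protocol="HTTP/1.1" connectionTimeout="20000"/>'
SAMPLE_BAD = f"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- Define a non-SSL HTTP/1.1 Connector -->
    {PLAIN}
    <!-- Define a SSL Coyote HTTP/1.1 Connector -->
    <Connector port="20443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" keystoreFile=".keystore"/>
  </Service>
</Server>"""

# Same file with the non-SSL connector commented out, as step 2 requires.
SAMPLE_GOOD = SAMPLE_BAD.replace(PLAIN, f"<!-- {PLAIN} -->")


def is_tls(conn):
    """A connector serves HTTPS if SSL is enabled or its scheme is https."""
    return (conn.get("SSLEnabled", "").lower() == "true"
            or conn.get("scheme", "").lower() == "https")


def audit_connectors(server_xml_text):
    """Return (ports of active SSL connectors, list of findings)."""
    root = ET.fromstring(server_xml_text)  # the parser drops XML comments
    tls_ports, findings = [], []
    for conn in root.iter("Connector"):
        port = conn.get("port")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside this check
        if is_tls(conn):
            tls_ports.append(port)
            if conn.get("secure", "").lower() != "true":
                findings.append(f'port {port}: SSL connector lacks secure="true"')
        else:
            findings.append(f"port {port}: non-SSL connector still active")
    if not tls_ports:
        findings.append("no active SSL connector")
    return tls_ports, findings


if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_connectors(text))
```

To check a real installation, pass the contents of <Precise_root>\products\gui\website\conf\server.xml to audit_connectors() after step 2 and before the restart in step 3.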

For information regarding configuring J2EE to work in HTTPS mode, see About Security Options in the Precise for J2EE User Guide.

For information on installing your own certificate for J2EE, see the Creating and installing certificates for SSL on page of the Precise Administration Guide.

...

  1. Open the \conf\httpd.conf file in the Apache installation folder.
  2. Change the line with Listen and the port number to the GUI port of Precise (the port that the Precise Tomcat Web server listens to, in this example 20760). The line becomes: Listen 20760
  3. Change the line with the ServerName and port number (in this example 20760) to the required server and GUI port.
    ServerName GUI-TEST-INST.precise.com:20760
  4. Look for the following three lines with the proxy modules and remove the pound/hash marks (# sign) from them:
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
  5. Change the port the Precise Tomcat Web server will listen to, for example to 20761, by adding the following entries at the end of the file, using the new Tomcat port (in this case 20761; see the following section about this port):
    <Proxy *>
         Order deny,allow
         Allow from all
    </Proxy>
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://gui-test-inst.precise.com:20761/
    ProxyPassReverse / http://gui-test-inst.precise.com:20761/
    Verify that http://gui-test-inst.precise.com:20761 is replaced with the fully qualified domain name and port of your Precise installation.
  6. Open the <Precise_root>/infra/setup.xml file and edit the <tomcat-port> tag.
  7. Change the port of the Precise Tomcat Web server to a port that is not open to the outside world, or is behind a firewall, to prevent direct access to it. In this example, the Tomcat port will be 20761.
  8. Restart first the Tomcat service and then the Apache service.

...

  1. Change the port of the Precise Tomcat Web server to a port that is not open to the outside world, or is behind a firewall, to prevent direct access to it. In this example, the Tomcat port will be 20761.
    Remember to make the change in the Precise setup.xml file.
  2. Enable the mod_proxy feature in the Apache Web server. For example, on a Debian server it is done by symlinking some files:
         symsrv:/etc/apache2/mods-enabled# ls
         cgid.conf cgid.load userdir.conf userdir.load
         symsrv:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy.* .
         symsrv:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy_http.* .
         symsrv:/etc/apache2/mods-enabled# ls
         cgid.conf cgid.load proxy.conf proxy.load proxy_http.conf proxy_http.load userdir.conf userdir.load
  3. Configure the mod_proxy feature by creating a configuration file snippet, conf.d/symi3, as described in the following code:
         symsrv:/etc/apache2/mods-enabled# cd ../conf.d
         symsrv:/etc/apache2/conf.d# cat > symi3
         <Proxy *>
              Order deny,allow
              Allow from all
         </Proxy>
         ProxyRequests Off
         ProxyPreserveHost On
         ProxyPass / http://gui-test-inst.precise.com:20761/
         ProxyPassReverse / http://gui-test-inst.precise.com:20761/
         teacup:/etc/apache2/conf.d#
    Verify that http://gui-test-inst.precise.com:20761 is replaced with the fully qualified domain name and port of your Precise installation.
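
A consistency check for both reverse-proxy procedures above (the httpd.conf edit and the Debian conf.d snippet), added here as an example and not part of the Precise documentation: it confirms that forward proxying stays off, that ProxyPass and ProxyPassReverse point at the same backend, and that the backend port differs from Apache's Listen port and matches <tomcat-port> in setup.xml. The inputs are constructed from the page's example values; the wrapper element around <tomcat-port> is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed inputs modelled on the page's example values.
HTTPD_CONF = """\
Listen 20760
ServerName GUI-TEST-INST.precise.com:20760
<Proxy *>
     Order deny,allow
     Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://gui-test-inst.precise.com:20761/
ProxyPassReverse / http://gui-test-inst.precise.com:20761/
"""
# Only the <tomcat-port> tag comes from the page; the <setup> wrapper is assumed.
SETUP_XML = "<setup><tomcat-port>20761</tomcat-port></setup>"


def directives(conf, name):
    """Argument lists of every uncommented `name` directive (case-insensitive)."""
    pat = re.compile(r"^\s*%s\s+(.*?)\s*$" % re.escape(name), re.I | re.M)
    return [m.group(1).split() for m in pat.finditer(conf)]


def check_proxy(conf, setup_xml):
    findings = []
    listen = {a[0].rsplit(":", 1)[-1] for a in directives(conf, "Listen") if a}
    if any(a and a[0].lower() == "on" for a in directives(conf, "ProxyRequests")):
        findings.append("ProxyRequests On with 'Allow from all' is an open forward proxy")
    fwd = {a[1] for a in directives(conf, "ProxyPass") if len(a) > 1}
    rev = {a[1] for a in directives(conf, "ProxyPassReverse") if len(a) > 1}
    if not fwd:
        findings.append("no ProxyPass directive")
    if fwd != rev:
        findings.append("ProxyPass and ProxyPassReverse targets differ")
    tomcat_port = ET.fromstring(setup_xml).findtext(".//tomcat-port", "").strip()
    for url in sorted(fwd):
        port = str(urlsplit(url).port or 80)
        if port in listen:
            findings.append(f"backend port {port} is also Apache's Listen port")
        if port != tomcat_port:
            findings.append(f"backend port {port} != <tomcat-port> {tomcat_port}")
    return findings


if __name__ == "__main__":
    print(check_proxy(HTTPD_CONF, SETUP_XML) or "proxy configuration is consistent")
```

The check reads configuration only; whether the Tomcat port is actually closed to outside clients still has to be confirmed at the firewall.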

...

Configuring LDAP to authenticate Precise users

Precise Version 9.6 can integrate with Lightweight Directory Access Protocol (LDAP). LDAP is a better option than JAAS. The following section describes how to configure LDAP.

...

Once integrated with LDAP, Precise Version 9.6 gets all users and groups from the LDAP and synchronizes them into its own database. Login passwords are authorized by LDAP, thus preventing the need to keep (and verify) the users' passwords within Precise.

...

For more information on running the LDAP-sync command, see the Precise CLI Utility Reference Guide. See Authenticate to CLI Utility.