SiteScope User's Guide


Accessing SiteScope via HTTPS

You can set up the SiteScope Web server to use an SSL connection so that it is accessed via the HTTPS protocol. This section describes the steps required to do this.

About Working with Certificates in SiteScope

SiteScope is shipped with Keytool.exe. Keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for authentication using digital signatures. It also allows users to cache the public keys of the parties they communicate with. Keytool is installed in the <SiteScope install path>/SiteScope/java/bin directory.

Important: The process for creating, requesting, and installing a digital certificate requires close attention to detail. Be sure to make a note of the parameters and command line arguments that you use in each step of the process, because it is very important that you use the same values throughout the procedure.

You can find out more about Keytool at the Sun Microsystems site:

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

Using a Certificate from a Certificate Authority

Use the following steps if you plan to use a digital certificate issued by a Certificate Authority. To use this option, you need a digital certificate that can be imported into the key storage file used by Keytool. If your organization does not currently have a digital certificate for this purpose, you will need to make a request to a Certificate Authority to issue you a certificate.

To use a certificate from a Certificate Authority:

  1. Remove the serverKeystore file that is located in the SiteScope\groups directory. You can delete it or simply move it to a different directory.

    Note: This file must be removed before performing the steps listed below.

  2. Next, you must create a key pair. To do this you need to run the command line listed below from the SiteScope\java\bin directory.

    Note: Values in italics are variables that you fill in with information specific to your organization.

    Note: This command and all others you use must be entered on a single line. The line is divided here to fit on this page.

    keytool -genkey -dname "CN=www.yourDomain.com, OU=yourDepartment, O=yourCompanyName, L=yourLocation, S=yourState, C=yourCountryCode" -alias yourAlias -keypass keypass -keystore ..\..\groups\serverKeystore -storepass passphrase -keyalg "RSA" -validity valdays

    This command will create a file called "serverKeystore" in the SiteScope\groups directory. SiteScope will use this KeyStore file to store the certificates used in your secure sessions. Make sure you keep a backup copy of this file in another location.

    Note: The value of a -dname option must be in the following order where the italicized values are replaced by values of your choosing. The keywords are abbreviations for the following:

    CN = commonName - Common name of a person (for example, "Warren Pease")
    OU = organizationUnit - Small organizational unit (for example, "NetAdmin")
    O = organizationName - Large organization name (for example, "ACMe-Systems, Inc.")
    L = localityName - Locality (city) name (for example, "Palo Alto")
    S = stateName - State or province name (for example, "California")
    C = country - Two-letter country code (for example, "US")

    Note: The subcomponents within the -dname (distinguished name string) variable are case-insensitive and they are order-sensitive, although you do not have to include all of the subcomponents. The -dname variable should represent your company and the CN is the domain name of the Web server on which SiteScope is installed.

    Note: The value of -storepass is a password used to protect the KeyStore file. This password must be at least 6 characters long. You will need to use this password to import to and remove certificate data from the KeyStore file.

    Note: The -alias variable is an alias or nickname you use to identify an entry in your KeyStore.

  3. Now you need to create a certificate request file. To do this, run the following command, also from the SiteScope\java\bin directory:

    keytool -certreq -alias yourAlias -file ..\..\groups\filename.csr -keypass keypass -keystore ..\..\groups\serverKeystore -storepass passphrase -keyalg "RSA"

    This command will generate a .csr file to be used as a request file. You need to send this file to a Certificate Authority (CA) along with your request for a certificate. After you receive your certificate from a Certificate Authority (the reply should include a file called cert.cer), you need to import this certificate into the KeyStore file you created using the steps above. The file should be called serverKeystore. Use the following steps to import the certificate.

  4. To import the certificate data into the KeyStore file, run the following command, also from the SiteScope\java\bin directory:

    keytool -import -trustcacerts -alias yourAlias -file cert.cer -keystore ..\..\groups\serverKeystore

  5. To change SiteScope to use a secured connection, you need to add or modify the following parameters in the SiteScope\groups\master.config file:

    _httpSecurePort=8899

    The number you use for the _httpSecurePort parameter can be set to any available port number. It is recommended that you use a port number other than 8888, which is the default port for accessing SiteScope using HTTP (unsecured).

    To access SiteScope using HTTPS exclusively, modify the following parameters in the master.config file as shown below, substituting the applicable values for the items in italics:

    _httpPort=
    _httpSecurePort=8899
    _httpSecureKeyPassword=passphrase
    _httpSecureKeystorePassword=keypass

    Note: All the parameters in the master.config file are case and syntax sensitive. Be sure not to add any extra spaces or lines to the file.

  6. Save the changes to the master.config file.
  7. Stop and restart the SiteScope service for the changes to become effective.

You should now be able to access SiteScope using HTTP (for example, for access from inside the firewall) at the default address of:

http://server_IP_address:8888

You should also be able to access SiteScope using HTTPS at the following address, based on steps in the example above:

https://server_IP_address:8899

Using a Self-Signed Certificate

Alternatively, you can generate a self-signed certificate. To do this, you use the -selfcert option of the Keytool utility.

To use a self-signed certificate:

  1. Remove the serverKeystore file that is located in the SiteScope\groups directory. You can delete it or simply move it to a different directory.

    Note: This file must be removed before performing the steps listed below.

  2. Next, run the following command from the SiteScope\java\bin directory:

    Note: Values in italics are variables that you fill in with information specific to your organization.

    Note: This command and all others you use must be entered on a single line. The line is divided here to fit on this page.

    keytool -genkey -dname "CN=www.yourDomain.com, OU=yourDepartment, O=yourCompanyName, L=yourLocation, S=yourState, C=yourCountryCode" -alias yourAlias -keypass keypass -keystore ..\..\groups\serverKeystore -storepass passphrase -keyalg "RSA" -validity valdays

  3. Next, run the following command, also from the SiteScope\java\bin directory:

    keytool -selfcert -alias yourAlias -sigalg "MD5withRSA" -keypass keypass -dname "CN=www.yourDomain.com, OU=yourDepartment, O=yourCompanyName, L=yourLocation, S=yourState, C=yourCountryCode" -keystore ..\..\groups\serverKeystore

  4. To change SiteScope to use a secured connection, you need to add or modify the following parameters in the SiteScope\groups\master.config file:

    _httpSecurePort=8899

    The number you use for the _httpSecurePort parameter can be set to any available port number. It is recommended that you use a port number other than 8888, which is the default port for accessing SiteScope using HTTP (unsecured).

    To access SiteScope using HTTPS exclusively, modify the following parameters in the master.config file as shown below, substituting the applicable values for the items in italics:

    _httpPort=
    _httpSecurePort=8899
    _httpSecureKeyPassword=passphrase
    _httpSecureKeystorePassword=keypass

    Note: All the parameters in the master.config file are case and syntax sensitive. Be sure not to add any extra spaces or lines to the file.

  5. Save the changes to the master.config file.
  6. Stop and restart the SiteScope service for the changes to become effective.

You should now be able to access SiteScope using HTTP (for example, for access from inside the firewall) at the default address of:

http://server_IP_address:8888

You should also be able to access SiteScope using HTTPS at the following address, based on steps in the example above:

https://server_IP_address:8899
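
A check that can be run on the master.config edits from either procedure above before restarting the service, given here as an added example that is not part of the SiteScope guide or product. It flags the mistakes the guide warns about (wrong case, extra spaces, a non-blank _httpPort, reuse of port 8888); the function name, the choice of Python and the sample file contents are assumptions made for illustration.

```python
REQUIRED = ("_httpPort", "_httpSecurePort",
            "_httpSecureKeyPassword", "_httpSecureKeystorePassword")
DEFAULT_HTTP_PORT = "8888"  # default unsecured port named in the guide


def check_https_only(config_text):
    """Return a list of problems in the HTTPS-only settings of master.config text."""
    problems, seen = [], {}
    for lineno, line in enumerate(config_text.splitlines(), 1):
        name, sep, value = line.partition("=")
        wanted = next((k for k in REQUIRED if k.lower() == name.strip().lower()), None)
        if not sep or wanted is None:
            continue  # some other master.config setting
        if name != wanted:  # wrong case or stray spaces around the name
            problems.append(f"line {lineno}: write the name exactly as {wanted}")
            continue
        if value != value.strip():
            problems.append(f"line {lineno}: extra whitespace in the value of {name}")
        seen[name] = value.strip()
    for key in REQUIRED:
        if key not in seen:
            problems.append(f"{key} is missing")
        elif key != "_httpPort" and not seen[key]:
            problems.append(f"{key} has no value")
    if seen.get("_httpPort"):
        problems.append("_httpPort is not blank, so plain HTTP stays enabled")
    port = seen.get("_httpSecurePort", "")
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append("_httpSecurePort is not a valid port number")
    elif port == DEFAULT_HTTP_PORT:
        problems.append("_httpSecurePort reuses 8888, the default HTTP port")
    return problems


# Constructed sample files; the values are the guide's own placeholders.
GOOD = "\n".join(["_httpPort=", "_httpSecurePort=8899",
                  "_httpSecureKeyPassword=passphrase",
                  "_httpSecureKeystorePassword=keypass"])
BAD = "\n".join(["_httpPort=8888", "_httpSecurePort=8888 ",
                 "_httpsecurekeypassword=passphrase",
                 "_httpSecureKeystorePassword="])

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_https_only(text) or "ok")
```

The checker reports only parameter names and line numbers, so the passwords stored in master.config never appear in its output.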