Owners Manual
62 OMNM 6.5.2 User Guide
Setting Up Secure Connections (SSL & HTTPS)
The following describes how to turn on SSL support within OpenManage Network Manager on
single-server installations. Configure clustered installations with a Load Balancer with SSL
Offloading. SSL Offloading takes advantage of hardware designed for fast SSL encryption and
decryption. It also lets you purchase a single SSL certificate rather than generating a
certificate per server, which can be more costly.
NOTE:
If you want a secure connection between distributed servers (application and mediation servers, for
example), the following also applies.
Enabling Secure SSL
Best practice for a clustered production environment is to use a Load Balancer with SSL Offloading
rather than creating a private key, as described below. Refer to the Installation Guide for more
about load balancing.
The private key and certificate described below provide identity and browser verification against
the CA signed root certificate. For testing and internal use, you need this step to create a Private
Key and Private Signed Certificate to enable SSL encryption.
NOTE:
Some functions may fail using this approach since some third party layers may expect a valid CA signed
root.
Creating a Private Key (Linux/Windows)
1. Open a command prompt in Windows or a Terminal within Linux.
2. Navigate to <INSTALL DIR>/oware/synergy/tomcat-XX/bin/certs
3. Enter the command:
   openssl
   If this command does not find openssl, then first enter the oware environment (in Windows
   type oware, in Linux, type . ./etc/.dsienv).
4. The OpenSSL prompt appears:
   OpenSSL>
5. Enter the command:
   genrsa -des3 -out tomcatkey.pem 2048
6. OpenSSL then asks for a pass phrase for the key. Enter changeit. See Turning on SSL
   Within the Web Portal on page 63 if you want to change the default password.
7. OpenSSL then creates the private key and stores it in the current directory.
Creating a Certificate (Linux/Windows)
Once you have the private key created, you must create a certificate.
8. Assuming you are still running the OpenSSL program from the previous step, enter the
   command:
   req -new -x509 -key tomcatkey.pem -out tomcat.pem -days 1095
9. OpenSSL asks for the pass phrase defined for the private key. Enter the previous pass phrase
   (default: changeit). This command creates a self-signed certificate with a lifetime of 3
   years, using the private key.
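
The key and certificate steps above as a non-interactive script, followed by checks an administrator can run on the two resulting files (an added example, not part of the original guide). The subject name omnm.example.test and the scratch directory are assumptions; the pass phrase is read from the KEY_PASS environment variable, defaulting to the guide's changeit, so it does not appear on the command line.

```shell
#!/bin/sh
# Added example: steps 5-9 of the guide run non-interactively, then verified.
# Assumptions (not from the guide): the subject CN and the scratch directory.
KEY_PASS="${KEY_PASS:-changeit}"   # the guide's default pass phrase
export KEY_PASS                    # read through env: so it stays out of argv
CN="omnm.example.test"             # constructed host name

# Create tomcatkey.pem (3DES-encrypted, 2048-bit) and tomcat.pem in directory $1.
make_pair() {
    openssl genrsa -des3 -passout env:KEY_PASS -out "$1/tomcatkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/tomcatkey.pem" -passin env:KEY_PASS \
        -out "$1/tomcat.pem" -days 1095 -subj "/CN=$CN" 2>/dev/null
}

# The key file must be pass-phrase protected, not a clear-text key.
key_is_encrypted() { grep -q ENCRYPTED "$1/tomcatkey.pem"; }

# The certificate must carry the public half of this key (same RSA modulus).
cert_matches_key() {
    k=$(openssl rsa -in "$1/tomcatkey.pem" -passin env:KEY_PASS -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$1/tomcat.pem" -noout -modulus)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Self-signed means issuer and subject are the same name.
cert_is_self_signed() {
    s=$(openssl x509 -in "$1/tomcat.pem" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1/tomcat.pem" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# -days 1095: still valid 1094 days from now, expired 1096 days from now.
cert_lifetime_is_3y() {
    openssl x509 -in "$1/tomcat.pem" -noout -checkend $((1094 * 86400)) >/dev/null &&
    ! openssl x509 -in "$1/tomcat.pem" -noout -checkend $((1096 * 86400)) >/dev/null
}

demo_dir=$(mktemp -d)
make_pair "$demo_dir" && key_is_encrypted "$demo_dir" && cert_matches_key "$demo_dir" &&
    cert_is_self_signed "$demo_dir" && cert_lifetime_is_3y "$demo_dir" &&
    echo "all checks passed"
rm -rf "$demo_dir"
```

To check files created by the interactive procedure, call the check functions with the certs directory from step 2 instead of the scratch directory.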