Configuring Secured Access on a Web Service

You can configure HTTPS on a web service. You must have access to the Web Server computer, the Web Console computer, the Compliance Search computer (if applicable), the Microsoft Internet Information Services (IIS) Manager, and the CommCell Console. You must use a certificate signed by a well-known certificate authority (CA).

Important

Back up all configuration files and registry keys before you modify them, and keep a log of the changes that you make.

Step 1: Creating and Completing a Certificate Request in IIS

To configure HTTPS on a web service, you must use a certificate signed by a well-known certificate authority (CA).

  1. Log on to the Web Server computer.

  2. In IIS, create a certificate request for the Web Server computer.

  3. Submit the certificate request to a well-known CA.

    The CA will sign the certificate.

  4. After the CA returns the signed certificate, in IIS, complete the certificate request.

Step 2: Configuring the Web Server Hostname

To configure secure access for the Web Server, configure the hostname used by the Web Server to reach itself internally. If the hostname is not set, 127.0.0.1 is used.

  1. Log on to the CommCell Console.

  2. To the Web Server computer, add the sIISInternalHostname additional setting as shown in the following table.

    For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

    Property    Value
    Name        sIISInternalHostname
    Category    Session
    Type        String
    Value       The hostname used by the Web Server to reach itself internally. If the hostname is not set, 127.0.0.1 is used.

Step 3: Replacing the web.config File on the Web Server

To configure secure access for the Web Server, replace the original web.config file with the web.config file that is provided by Commvault.

  1. Log on to the Web Server computer.

  2. Go to software_installation_path\CVSearchService.

  3. Rename the web.config file, and then place the following configuration file in the CVSearchService folder:

    web.config

  4. On the command line, go to software_installation_directory/Base, and then type the following command:

    UpdateServerXml.exe Instance001

    where Instance001 is the instance where the Web Server is installed.

Step 4: Adding a Site Binding in IIS

To configure secure access for the Web Server, add an https site binding for the Web Server computer. After the site binding is added, you must restart the IIS services.

  1. On the Web Server computer, open IIS, select the Web Server computer, and then edit the bindings:

    1. Go to Sites > Consoles, and then add a site binding with the following values:

      • https as the type

      • 443 as the port number (if 443 is not free, use an available port number)

      • The SSL certificate that you imported

    2. Delete any existing http bindings.

    3. Under Manage Website, start or restart the website.

      If the website fails to restart, try a different port number for the site binding.

    4. Keep IIS open.

  2. Restart the IIS services:

    1. On the command line, type iisreset.

    2. Press Enter.

  3. In IIS, verify that the web service is running:

    1. Go to Sites > Consoles > SearchSvc.

    2. On the Content View tab, right-click CVSearchService.svc, and then click Browse.

      The default web browser opens and displays You have created a service.

    3. Right-click CVWebService, and then click Browse.

      The default web browser opens and displays WebService is Running.
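The binding changes in this step can also be checked from PowerShell on the Web Server computer. This is an added example, not part of the Commvault procedure; it assumes the WebAdministration module that ships with IIS and uses the site name Consoles from this page.

```powershell
# Added example: audit the bindings of the IIS site from Step 4.
# Run in an elevated PowerShell session on the Web Server computer.
Import-Module WebAdministration

$siteName = 'Consoles'   # site name used in Step 4
$bindings = @(Get-WebBinding -Name $siteName)

# Step 4 deletes existing http bindings; any that remain still serve cleartext.
foreach ($b in $bindings | Where-Object { $_.protocol -eq 'http' }) {
    Write-Warning "Cleartext http binding still present: $($b.bindingInformation)"
}

$https = @($bindings | Where-Object { $_.protocol -eq 'https' })
if ($https.Count -eq 0) {
    Write-Warning "Site '$siteName' has no https binding."
}

foreach ($b in $https) {
    # bindingInformation has the form address:port:hostheader
    $port = if ($b.bindingInformation -match ':(\d+):[^:]*$') { $Matches[1] } else { '?' }

    if (-not $b.certificateHash) {
        Write-Warning "https binding on port $port has no certificate assigned."
        continue
    }

    # Look up the bound certificate in the store that the binding names.
    $certPath = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
    $cert     = Get-Item -Path $certPath -ErrorAction Stop

    [pscustomobject]@{
        Port       = $port
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        # Verify() builds the chain against this machine's trust stores; it can
        # also return False when revocation servers are unreachable.
        ChainValid = $cert.Verify()
    }
}
```

A warning about a remaining http binding, or a row with SelfSigned or Expired set to True, means the site does not yet match what this step describes.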

Step 5: Updating the Compliance Search Computer

Applies to: CommCell environments that use Compliance Search

To configure secure access for the Web Server, update the configuration.properties file for the Compliance Search computer that is pointing to the Web Server where HTTPS is configured.

  1. Log on to the Compliance Search computer.

  2. Go to software_installation_path\WebClient\Web-INF\Classes.

  3. Back up the configuration.properties file by making a copy of the file.

  4. Open the configuration.properties file, and then update the WebServiceURL parameter to use HTTPS and the port number that is used in the HTTPS site binding:

    WebServiceURL=https://server.domain.company:port/SearchSvc

  5. Restart the Tomcat services.

    Note

    If Compliance Search and Web Console are on the same computer, you can restart the Tomcat services after you complete Step 6: Updating the Web Console Computer.

Step 6: Updating the Web Console Computer

To configure secure access for the Web Server, update the baseUrl registry key on the Web Console computer that is pointing to the Web Server where HTTPS is configured. If you use a proxy service, update the proxyServiceUrl registry key and the ProxySettings.config file.

  1. Log on to the Web Console computer.

  2. Open the registry editor and click:

    HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\instance\WebConsole

    where instance is the installation instance of the Web Console.

  3. Right-click the baseUrl registry key, and then click Modify.

  4. In the Value Data box, update the value to use HTTPS and the port number that is used in the HTTPS site binding:

    https://server.domain.company:port/SearchSvc/CVWebService.svc

  5. If you use a proxy service, update the proxyServiceUrl registry key and the ProxySettings.config file:

    1. Right-click the proxyServiceUrl registry key, and then click Modify.

      Note

      If proxyServiceUrl does not exist, create it and use string as the type.

    2. In the Value Data box, update the value to use HTTPS and the port number that is used in the HTTPS site binding:

      https://server.domain.company:port/proxysvc/proxy.aspx

    3. Go to software_installation_path\CVProxyService.

    4. Back up the ProxySettings.config file by making a copy of the file.

    5. Open the ProxySettings.config file, and then update the WEB_SERVICE_URL parameter to use HTTPS and the port number that is used in the HTTPS site binding:

      <add key="WEB_SERVICE_URL" value="https://server.domain.company:port/SearchSvc/CVWebService.svc/" />

  6. Restart the Tomcat services.
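The values edited in this step must all use HTTPS and the port from the HTTPS site binding, and a leftover http:// value or an unreplaced placeholder is easy to miss. The following script is an added example, not Commvault tooling; the instance name, the install path default, and the assumption that ProxySettings.config is a namespace-free XML file are illustrative.

```powershell
# Added example: check that the URLs edited in Step 6 agree with each other.
# Run in an elevated PowerShell session on the Web Console computer.
param(
    [string]$Instance    = 'Instance001',             # assumption: Web Console instance name
    [string]$InstallPath = 'C:\CHANGE_ME'             # placeholder for software_installation_path
)

function Test-SecureUrl {
    param([string]$Source, [string]$Value)
    $uri = $null
    # TryCreate fails on values such as "https://server.domain.company:port/...",
    # so an unreplaced "port" placeholder is reported as invalid.
    $ok = [Uri]::TryCreate($Value, [UriKind]::Absolute, [ref]$uri)
    [pscustomobject]@{
        Source   = $Source
        Value    = $Value
        IsHttps  = ($ok -and $uri.Scheme -eq 'https')
        HostName = if ($ok) { $uri.Host } else { $null }
        Port     = if ($ok) { $uri.Port } else { $null }
    }
}

$key     = "HKLM:\SOFTWARE\CommVault Systems\Galaxy\$Instance\WebConsole"
$props   = Get-ItemProperty -Path $key -ErrorAction Stop
$results = @(Test-SecureUrl 'registry baseUrl' $props.baseUrl)

# The proxy values exist only when a proxy service is used.
if ($props.PSObject.Properties['proxyServiceUrl']) {
    $results += Test-SecureUrl 'registry proxyServiceUrl' $props.proxyServiceUrl

    $cfgPath = Join-Path $InstallPath 'CVProxyService\ProxySettings.config'
    $cfg     = [xml](Get-Content -Path $cfgPath -Raw)
    $node    = $cfg.SelectSingleNode("//add[@key='WEB_SERVICE_URL']")
    if ($node) {
        $results += Test-SecureUrl 'ProxySettings.config WEB_SERVICE_URL' $node.GetAttribute('value')
    } else {
        Write-Warning "WEB_SERVICE_URL not found in $cfgPath"
    }
}

$results | Format-Table -AutoSize

if (@($results | Where-Object { -not $_.IsHttps }).Count -gt 0) {
    Write-Warning 'At least one value is not a valid https URL.'
}
$ports = @($results | Where-Object { $_.IsHttps } | Select-Object -ExpandProperty Port -Unique)
if ($ports.Count -gt 1) {
    Write-Warning "URLs use different ports: $($ports -join ', ')"
}
```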

Step 7: Specifying the Port Number on the CommServe Computer

To configure secure access for the Web Server, specify the port number that was used in the HTTPS site binding. HTTPS will be used with this port number.

  1. Log on to the CommCell Console.

  2. To the CommServe computer, add the WebServerHttpSecure additional setting as shown in the following table.

    For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

    Property    Value
    Name        WebServerHttpSecure
    Category    CommServDB.GxGlobalParam
    Type        Integer
    Value       Enter the port number that is used in the HTTPS site binding.

  3. Restart the Commvault Server Event Manager (EvMgrS) service.

Step 8: Specifying the Default Web Server

To configure secure access for the Web Server, specify the Web Server that you configured for HTTPS as the default web server for search.

  1. Log on to the CommCell Console.

  2. From the CommCell Console ribbon, on the Home tab, click Control Panel.

    The Control Panel dialog box appears.

  3. Under User, click Browse/Search/Recovery Options.

    The Browse/Search/Recovery Options dialog box appears.

  4. From the Default Web Server for Search list, select the Web Server that you configured for HTTPS.

  5. Click OK.
