You can configure HTTPS on a web service. You must have access to the Web Server computer, the Web Console computer, the Compliance Search computer (if applicable), the Microsoft Internet Information Services (IIS) Manager, and the CommCell Console. You must use a certificate signed by a well-known certificate authority (CA).
Important
Back up all configuration files and registry keys before you modify them, and keep a log of the changes that you make.
Step 1: Creating and Completing a Certificate Request in IIS
To configure HTTPS on a web service, you must use a certificate signed by a well-known certificate authority (CA).
-
Log on to the Web Server computer.
-
In IIS, create a certificate request for the Web Server computer.
-
Submit the certificate to a well-known CA.
The CA will sign the certificate.
-
After the CA returns the signed certificate, in IIS, complete the certificate request.
Step 2: Configuring the Web Server Hostname
To configure secure access for the Web Server, configure the hostname used by the Web Server to reach itself internally. If the hostname is not set, 127.0.0.1 is used.
-
Log on to the CommCell Console.
-
To the Web Server computer, add the sIISInternalHostname additional setting as shown in the following table.
For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Settings from the CommCell Console.
Property
Value
Name
Category
Session
Type
String
Value
The hostname used by the Web Server to reach itself internally. If the hostname is not set, 127.0.0.1 is used.
Step 3: Replacing the web.config File on the Web Server
To configure secure access for the Web Server, replace the original web.config file with the web.config file that is provided by Commvault.
-
Log on to the Web Server computer.
-
Go to software_installation_path\CVSearchService.
-
Rename the web.config file, and then place the following configuration file in the CVSearchService folder:
-
On the command line, go to software_installation_directory/Base, and then type the following command:
UpdateServerXml.exe Instance001
where Instance001 is the instance where the Web Server is installed.
Step 4: Adding a Site Binding in IIS
To configure secure access for the Web Server, add an https site binding for the Web Server computer. After the site binding is added, you must restart the IIS services.
-
On the Web Server computer, open IIS, select the Web Server computer, and then edit the bindings:
-
Go to Sites > Consoles, and then add a site binding with the following values:
-
https as the type
-
An available port (port number 443 is used by other packages and normally it is not available)
-
The SSL certificate that you imported
-
-
Delete any existing http bindings.
-
Under Manage Website, perform a start/restart.
If the website fails to restart, try a different port number for the site binding.
-
Keep IIS open.
-
-
Restart the IIS services:
-
On the command line, type iisreset.
-
Press Enter.
-
-
In IIS, verify that the web service is running:
-
Go to Sites > Consoles > SearchSvc.
-
On the Content View tab, right-click CVSearchService.svc, and then click Browse.
The default web browser opens and displays You have created a service.
-
Right-click CVWebService, and then click Browse.
The default web browser opens and displays WebService is Running.
-
Note
You must also update the nDM2WEBSITEPORT registry key under Session with the same port number used by IIS.
Step 5 (Conditional): Updating the configuration.properties File for Compliance Search
Applies to: CommCell environments that use Compliance Search
To configure secure access for the Web Server, update the configuration.properties file for the Compliance Search computer that is pointing to the Web Server where HTTPS is configured.
-
Log on to the Compliance Search computer.
-
Go to software_installation_path\WebClient\Web-INF\Classes.
-
Back up the configuration.properties file by making a copy of the file.
-
Open the configuration.properties file, and then update the WebServiceURL parameter to use HTTPS and the port number that is used in the HTTPS site binding:
WebServiceURL=https://server.domain.company:port/SearchSvc
-
Restart the Tomcat services.
Note
If Compliance Search and Web Console are on the same computer, you can restart the Tomcat services after you complete Step 6: Updating the Web Console Computer.
Step 6: Updating the Web Console Computer
To configure secure access for the Web Server, update the baseUrl registry key on the Web Console computer that is pointing to the Web Server where HTTPS is configured. If you use a proxy service, update the proxyServiceUrl registry key and the ProxySettings.config file.
-
Log on to the Web Console computer.
-
Open the registry editor and click:
HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\instance\WebConsole
where instance is the installation instance of the Web Console.
-
Right-click the baseUrl registry key, and then click Modify.
-
In the Value Data box, update the value to use HTTPS and the port number that is used in the HTTPS site binding:
https://server.domain.company:port/SearchSvc/CVWebService.svc
-
If you use a proxy service, update the proxyServiceUrl registry key and the ProxySettings.config file:
-
Right-click the proxyServiceUrl registry key, and then click Modify.
Note
If proxyServiceUrl does not exist, create it and use string as the type.
-
In the Value Data box, update the value to use HTTPS and the port number that is used in the HTTPS site binding:
https://server.domain.company:port/proxysvc/proxy.aspx
-
Go to software_installation_path\CVProxyService.
-
Back up the ProxySettings.config file by making a copy of the file.
-
Open the ProxySettings.config file, and then update the WEB_SERVICE_URL parameter to use HTTPS and the port number that is used in the HTTPS site binding:
<add key="WEB_SERVICE_URL" value="https://server.domain.company:port/SearchSvc/CVWebService.svc/" />
-
-
Restart the Tomcat services.
Step 7: Specifying the Port Number on the CommServe Computer
To configure secure access for the Web Server, specify the port number that was used in the HTTPS site binding. HTTPS will be used with this port number.
-
Log on to the CommCell Console.
-
To the Web Server computer, add the WebServerHttpSecure additional setting as shown in the following table.
For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.
Property
Value
Name
Category
DM2WebSearchServer
Type
Integer
Value
Enter the port number that is used in the HTTPS site binding.
-
Restart the Commvault Server Event Manager (EvMgrS) service.
Step 8: Specifying the Default Web Server
To configure secure access for the Web Server, specify the Web Server that you configured for HTTPS as the default web server for search.
-
Log on to the CommCell Console.
-
From the CommCell Console ribbon, on the Home tab, click Control Panel.
The Control Panel dialog box appears.
-
Under User, click Browse/Search/Recovery Options.
The Browse/Search/Recovery Options dialog box appears.
-
From the Default Web Server for Search list, select the Web Server that you configured for HTTPS.
-
Click OK.