Enabling Secured Access for the Web Server On the Linux Computer

You can enable secured access using https on the web server available on the Linux computer. You must have access to the Web Server computer, the Command Center computer, and the CommCell Console. You must use a certificate signed by a well-known certificate authority (CA)

Step 1: Create and Complete a Certificate Request

To configure HTTPS on a web service, you must use a certificate signed by a well-known certificate authority (CA).

1. Log on to the Web Server computer.

2. Create a certificate request for the Web Server computer.

3. Submit the certificate to a well-known CA.

   The CA will sign the certificate.

4. After the CA returns the signed certificate, complete the certificate request.

Step 2: Update the Command Center Computer

To configure secure access for the Web Server, update the baseUrl registry key on the Command Center computer that is pointing to the Web Server where HTTPS is configured. If you use a proxy service, update the proxyServiceUrl registry key and the ProxySettings.config file.

1. Log on to the Command Center computer.

2. Open to the following file:

   /etc/CommVaultRegistry/Galaxy/Instance001/WebConsole/.properties

   where instance is the installation instance of the Command Center.

3. Update the baseUrl value to use HTTPS and port number that should be used in the HTTPS web services:

   https://server.domain.company:port/SearchSvc/CVWebService.svc

   Note

   If custom https port is used other than the default, add the nDM2WEBSITEPORT additional setting, and then use this port in the baseURL above.

4. If you use a proxy service, update the proxyServiceUrl registry key and the ProxySettings.config file:

   1. Right-click the proxyServiceUrl registry key, and then click Modify.

      Note

      If proxyServiceUrl does not exist, create it and use string as the type.

   2. In the Value Data box, update the value to use HTTPS and the port number that is used in the HTTPS site binding:

      https://server.domain.company:port/proxysvc/proxy.aspx

   3. Go to software_installation_path/CVProxyService.

   4. Back up the ProxySettings.config file by making a copy of the file.

   5. Open the ProxySettings.config file, and then update the WEB_SERVICE_URL parameter to use HTTPS and the port number that is used in the HTTPS site binding:

       
      <add key="WEB_SERVICE_URL" value="https://server.domain.company:port/SearchSvc/CVWebService.svc/" />

5. Restart the Tomcat services.

Step 3: Add a credential in credential vault to store the certificate password

Add a built-in credential vault for the Web Server certificate password.

For instructions for adding a credential entity, see Adding a Credential to a Built-in Credential Vault.

Step 4: Specify the Certificate Path on the CommServe Computer

To configure secure access for the Web Server, specify the certificate path that was used in the HTTPS web services.

1. Log on to the CommCell Console.

2. To the Web Server computer, add the sWebServerHttpsCertPath and sWebServerHttpsCertPassword additional settings as shown in the following table.

   For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

3. Add the entity settings as follows:

   Name	Entity	Category	Type	Value
   sWebServerHttpsCertPath	The Web Server	Session	String	The file system path to the SSL/TLS certificate (in PFX or PEM format) that Kestrel will load for HTTPS. This setting helps the Web Server to locate and present the correct certificate when establishing secure connections.
   sWebServerHttpsCertPassword	The Web Server	Session	String	The name of the credential vault that has certificate password used in the sWebServerHttpsCertPath additional setting.
   nDM2WEBSITEPORT	The Web Server	Session	Integer	The custom port number that is used to launch the Web Server.

4. Restart the Commvault Server Event Manager (EvMgrS) service.