Enabling HTTPS Configuration

Enabling https helps you have secure data transmission from your end to the server end. By enabling https, the encrypted data will be sent securely to the server whose authenticity will be verified using the SSL certificate. This helps in enhacing network security. To enable HTTPS in OpManager, kindly follow the below steps.

Note:

From version 126278, during installation, SSL will be enabled by default with a self signed certificate in all the editions, to enhance security. Administrator users can update the SSL certificate under Settings -> Security settings. After OpManager has been upgraded to the latest version, SSL will be recommended to be enabled through the UI. Click here to know more about SSL security recommendation

For OpManager versions 123181 and above

  1. Go to Settings → Basic Settings → Security Settings.
  2. Enable the "Secure Mode" button.
  3. Once the button is enabled, you will be prompted to choose from three options, namely:
    • Generate a CSR
    • Self-signed Certificate
    • Import Certificate

  4. Generate CSR:

    This option helps you generate a Certificate Signing Request (CSR). A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair. A CSR is generally encoded using ASN.1 according to the PKCS #10 specification.

  5. A certificate authority will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated by it. So if you lose the private key, the certificate will no longer work.

  6. Once you click on 'Generate CSR', you will have to fill out a few information for the certificate you want to create for use in OpManager Server.

  7. On clicking the Generate button, your CSR and Server Key files will be downloaded as a ZIP file. Extract the file and use the "OpManager.csr" file to get a signed certificate from a CA of your choice.

  8. After getting signed by the CA, you will get a certificate file which you can import into OpManager using the Import Certificate option discussed below.
  9. Self-Signed Certificate:This option lets you enable SSL in OpManager with a self-generated and self-signed certificate. This certificate is safe to use and is equally secure. But browsers may display them as untrusted since it is not signed by a Valid CA (Certificate Authority).

  10. You will be prompted to restart OpManager for the changes to take effect.

  11. Import Certificate:
    Use this option if you already have a valid certificate and key files (or) a keystore or a PFX file with the certificate.

  12. Select a certificate file.

  13. Select the appropriate "key" file.

  14. Verify and choose Import.

  15. If the certificate cannot be validated with trusted sources, you will be asked to provide the intermediate certificates and root certificate files.

  16. Once uploaded, verify the certificate and click Import.

  17. On successful import, you will be prompted to restart OpManager.

  18. Importing from PFX or Keystore:
    If you are using a Keystore or a PFX file, you will be prompted to input the password for opening the file.

  19. On clicking Fetch, you will be provided with a list of Key-entries present in the keystore. Choose a specific alias which is to be used to enable SSL in OpManager.

  20. You will be shown a preview of the certificate information, verify and click on Importfor using the certificate.

     

  21. Finally you will be prompted to restart OpManager for the changes to take effect.

     

  22. Finally, after enabling SSL through one of the above ways, you will be able to connect to OpManager in secure mode:

Note:

  • To enable SSL in a failover configured instance of OpManager using a third party certificate, the certificate should have the Primary host name as the Common Name, and the Secondary Host name as the Subject Alternative Name (SAN) in it.
  • If Failover is configured with the Shared folder, once the SSL certificate is applied in the Primary server, the details will be automatically updated to the Secondary server.

SSL Security Recommendation:

  • During the evaluation, both HTTP and HTTPS ports will be accessible. If HTTP is used, the security recommendation popup will notify the user to use HTTPS when they login.

    • SSL recommendation

  • Once the registered license is applied, the user will be prompted to restart once. This restart is required to enable automatic redirection to HTTPS when the web client is accessed using HTTP.

    • SSL recommendation

  • After upgrading to version 126278 or above, the admin user will be recommended to enable SSL after login. This notification can be skipped for 2 weeks, after which the recommendation will be displayed again.

    • SSL recommendation

  • If OpManager Enterprise Edition or an Agent has been installed, the option to disable SSL will be restricted.

    • OpManager SSL option enabled

Thank you for your feedback!

Was this content helpful?

We are sorry. Help us improve this page.

How can we improve this page?
Do you need assistance with this topic?
By clicking "Submit", you agree to processing of personal data according to the Privacy Policy.