To provide more security to Web Reports, you can use HTTPS. First, you need to request a Secure Socket Layer (SSL) certificate from a vendor such as Verisign, and then you need to set its location.
To register a certificate, you need a valid configuration file such as the following one:
[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypasswrd
[ req_distinguished_name ]
C = US
ST = California
L = City
O = BigCo
OU = Development
CN = Common
emailAddress = janedoe@bigco.com
[ req_attributes ]
challengePassword = bigcopasswrd
To use HTTPS:
openssl req -new -config "mynewconfig.conf" > cert.csr
openssl rsa -in keyfile.pem -out nopwdkey.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey nopwdkey.pem -days 365
Next, you need to store the path for this file and add or modify sub-keys for the HTTPS flag, for the location of the SSL certificate, for the HTTPS port number, for a listening for HTTP connections and for redirecting the client to HTTPS on the SSL port as follows:
On Windows, open Services, select BESWebReports and on the Action menu, click Restart.
On Linux run from the prompt: service beswebreports restart or /etc/init.d/beswebreports restart
The SSL certificate must be in standard OpenSSL PKCS7 (.pem) file format. If the certificate meets all of the trust requirements of the connecting browser, then the browser connects without any intervention. If the certificate does not meet the trust requirements of the browser, then you are prompted with a dialog asking if it is OK to proceed with the connection, and giving you access to information about the certificate.
Typically, a trusted certificate is one that is signed by a trusted authority (for example, Verisign), contains the correct host name, and is not expired. The .pem file is your SSL certificate, which you must obtain from your CA. If you do not require authentication back to a trusted root, you can also generate a self-signed certificate using OpenSSL utilities. For more information about how to create a self-signed certificate or request a signed certificate from a trusted Certificate Authority, see Setup for SSL on IBM Endpoint Manager Web Reports.