Channel: CA Infrastructure Management Cookbook

Configuring HTTPS Access to UMP

For CA Nimsoft Monitor

Administrators can configure UMP to use HTTPS so that users log in to UMP over a secure connection. This entails configuring the wasp for HTTPS and then importing an SSL certificate, either self-signed or authority-signed, into the wasp.keystore.

The wasp (Web Application Service Provider) is an embedded Tomcat web server running as a probe. It is distributed to the system during the UMP installation and afterward appears as a probe in Infrastructure Manager and in Admin Console.

Regardless of the certificate you wish to implement, the first step is to modify the wasp.cfg file to enable HTTPS. When this change takes effect, the following occurs:

  • The wasp.keystore, an encrypted file that stores certificates, is generated in the directory <UMP_installation>/Nimsoft/probes/service/wasp/conf
  • A 1024-bit self-signed certificate is automatically generated in the wasp.keystore

To use a different certificate, you must replace the 1024-bit self-signed certificate that is automatically generated. You will be required to enter a valid password for the wasp.keystore; however, the wasp.keystore has a hard-coded, unknown password. Therefore, the first time you configure the wasp for HTTPS, execute the ssl_reinitialize_keystore callback and set a new password.

The ssl_reinitialize_keystore callback re-creates the wasp.keystore and its password hash. When you run this callback, enter a new password as an argument, and then securely store the new password for future use. If you lose or forget this password, the only way to reset it is to reinitialize the wasp.keystore again.

Important! Use caution with the ssl_reinitialize_keystore callback. This callback changes the encryption hash of the wasp.keystore, and will invalidate any certificates you are currently using. For this reason, it is strongly recommended that you back up individual key and certificate files, so that if you have to reinitialize the keystore, you can reload the keys and certificates into the new keystore.

In addition, do not use the keytool utility to change the password of the wasp.keystore; the wasp will not recognize the new password. Currently, the only way to change the password of the wasp.keystore is to use the ssl_reinitialize_keystore callback.

For the complete instructions for configuring UMP to use HTTPS, see the UMP HTTPS Implementation Guide available at docs.nimsoft.com.
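
To confirm that the automatically generated 1024-bit self-signed certificate has actually been replaced, the certificate can be audited with the openssl command line. The script below is an added example, not part of the UMP documentation; the function names, the 2048-bit RSA threshold, and the sample certificate it generates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the UMP documentation). Requires the openssl CLI.

# Print the public key algorithm of the PEM certificate in file $1.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public Key Algorithm: *//p' | head -n 1
}

# Print the public key size in bits of the PEM certificate in file $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed if subject and issuer names are identical, as in a self-signed cert.
cert_is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Print one finding per line; return 0 if clean, 1 if findings, 2 on error.
# MIN_RSA_BITS is an assumed policy threshold, not a value from the page.
audit_cert() {
    min_bits=${MIN_RSA_BITS:-2048}
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] || { echo "ERROR: cannot read key size from $1"; return 2; }
    findings=0
    if [ "$(cert_key_alg "$1")" = "rsaEncryption" ] && [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK_KEY: ${bits}-bit RSA key is below ${min_bits} bits"; findings=1
    fi
    if cert_is_self_issued "$1"; then
        echo "SELF_SIGNED: subject equals issuer"; findings=1
    fi
    [ "$findings" -eq 0 ] && echo "OK: ${bits}-bit key, issuer differs from subject"
    return "$findings"
}

# Constructed sample: throwaway self-signed cert with an RSA key of $1 bits.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=ump.example.test" -keyout "$2.key" -out "$2" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert 1024 "$tmp/default.pem"   # mimics the auto-generated cert
audit_cert "$tmp/default.pem" || true
rm -rf "$tmp"
```

To audit a live UMP instance, save the served certificate first, for example with `openssl s_client -connect <ump-host>:<https-port> </dev/null 2>/dev/null | openssl x509 -out served.pem`, then run `audit_cert served.pem`; the host and port are placeholders.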

