VMware Cloud Community
hypermike
Contributor

Using the secure port when accessing the Hyperic server: ERROR MESSAGES

I'm trying to connect either locally or remotely to my Hyperic server login web page using the 7443 port. I believe this uses SSL. I'm getting a "Website Certified by an Unknown Authority"
ERROR message, which may be caused by:
Browser does not recognize Certificate Authority, or
Site's certificate is incomplete due to server misconfiguration, or
you are connected to a site pretending to be Hyperic HQ

These are the options
A. Accept this certificate permanently
B. Accept this certificate for this session
C. Do NOT accept this certificate

Is this because I used the default install? How do I configure the server and client to only use the secure port over SSL (7443)?
Is the ERROR message a known issue, and should I reply to accept permanently?
3 Replies
john_hyperic
Hot Shot

That is just your browser saying it does not recognize the signing authority on the SSL certificate, which is completely normal since it's self-signed by Hyperic. You can select either of the "accept" options and will then be able to log into HQ over HTTPS.

As for configuring the server to only use SSL communication, there are a couple of options. One would be to disable the HTTP connector in the HQ Tomcat. Another is to front your HQ installation with an Apache server (configured as a proxy or using mod_jk), then use a firewall (iptables or Windows Firewall would work fine) to block the ports you do not want open (7080, 7443, etc.) and only allow access to HQ via the SSL-enabled Apache.

This would obviously require that you configure all your agents to talk to the server via this SSL channel (unless you have further advanced firewall configuration).
hypermike
Contributor

Your first action was to:
"One would be to disable the HTTP connector in the HQ Tomcat." Is this done via some
HQ server config file?

I am running an iptables firewall. Is NOT allowing the 7080 port via this table enough, or
are other restrictions necessary? I'm running Linux 6.06 Ubuntu.
john_hyperic
Hot Shot

Not allowing access to 7080 using iptables would get you exactly what you wanted and would be the easiest solution.

The other option is to disable the HTTP connector which would stop JBoss from listening on that port altogether. To do this, you would need to edit the config file server-2.7.5/conf/templates/server.xml and comment out the section that starts like:

<Connector port="@@@server.webapp.port@@@" address="${jboss.bind.address}"

Restart the HQ Server and it will not be listening on 7080 anymore.
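A check for the lockdown discussed in this thread, as an added example that is not part of the original posts or Hyperic's own tooling: it confirms that 7080 is no longer reachable, that 7443 still answers, and that the self-signed certificate's SHA-256 fingerprint matches one recorded beforehand. The function names and the pinned-fingerprint workflow are assumptions for illustration; only the two port numbers come from the thread.

```python
import hashlib
import socket
import ssl
import sys

HTTP_PORT, HTTPS_PORT = 7080, 7443  # HQ connector ports named in the thread

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (not closed or filtered)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def fingerprint(der_cert):
    """SHA-256 of the DER certificate, colon-separated as browsers display it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_cert(host, port=HTTPS_PORT, timeout=5.0):
    """Return the server's DER certificate; trust comes from the fingerprint pin."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # self-signed: chain validation cannot pass
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def audit(host, expected=None, probe=port_open, fetch=fetch_cert):
    """Return a list of findings; an empty list means the lockdown looks right."""
    findings = []
    if probe(host, HTTP_PORT):
        findings.append(f"{HTTP_PORT} is reachable: HTTP connector still exposed")
    if not probe(host, HTTPS_PORT):
        return findings + [f"{HTTPS_PORT} is not reachable"]
    try:
        seen = fingerprint(fetch(host, HTTPS_PORT))
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return findings + [f"TLS handshake on {HTTPS_PORT} failed: {exc}"]
    if expected is None:
        findings.append(f"no pinned fingerprint; server presented {seen}")
    elif seen.replace(":", "") != expected.replace(":", "").upper():
        findings.append(f"certificate mismatch: server presented {seen}")
    return findings

if __name__ == "__main__":  # usage: python hq_check.py HOST [PINNED_FINGERPRINT]
    results = audit(*sys.argv[1:3])
    sys.exit("\n".join(results) or 0)
```

Record the fingerprint once from a session on the HQ host itself, then pass it as the second argument when running the check from a client machine before choosing to accept the certificate permanently.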