KPI Management - Using HTTPS
If you want to run KPI Management using HTTPS, you need to follow these steps:
Create a Keystore for the SC
Start the generation sequence by entering:
$ keytool -keystore <path to where the keystore should be placed>/kpi.keys -genkeypair -keyalg RSA -alias kpisc -ext san=ip:<your SC ip address>
Note!
The directory where the keys are to be placed should exist before running this command.
- Enter a password when prompted.
- When asked “What is your first and last name?” type in your SC host (localhost, for example)
- Leave the rest of the fields for the CN empty.
- When asked to verify that the CN is correct, enter yes.
- Enter the password for the platform when prompted.
Your keystore has now been created.
Export a Certificate from the Created Keystore
Start the export sequence by entering:
$ keytool -keystore <path to where the keystore is placed>/kpi.keys -export -rfc -alias kpisc -file <path to where the keystore is placed>/kpi.pem
- Enter the password for the keystore when prompted.
The certificate has now been created.
Import the Certificate into the CAcerts
The certificate should be imported on the machines that will connect to you kpisc, Spark, SC etc. Follow this procedure for each machine:
Start the import sequence by entering:
$ keytool -import -alias platform -file <path to where the keystore is placed>/kpi.pem -keystore $JAVA_HOME/jre/lib/security/cacerts -keypass <certificate password> -storepass <keystore password>e
Note!
You need to have
root
privileges to execute this command.- Enter the password for the CAcert keystore when prompted.
The certificate is now imported.
Configure HTTP Properties for KPISC
Configure the following HTTP properties:
Note!
These properties are as described for general HTTP Configuration in the System Administrator's Guide. When using them for KPI Management the values entered should be as follows:
<keystore path>
for themz.httpd.security.keystore
property should be the path to your local keystore where you created the keystore.<password>
for themz.httpd.security.keystore.password
andmz.httpd.security.key.password
properties should be the one you set when creating the keystore.
Now you are ready to get started with KPI Management using HTTPS.
Browser Configuration
To make the KPI Management WebUI work with HTTPS:
- Navigate directly to your service model in your browser by using a URL pointing out the model;
https://<platform host>:8095/api/v1/model?config=<service model>
.
You will see a message saying that the certificate is not trusted and there will be a button you can click to add an exclusion for it. - Add an exclusion for the certificate.
The content will now be available for editing.
See Creating a Profile and Service Model Using the Model Builder for further information on how to create and edit your service models.