Start a conversation Sign in
Start a conversation
  1. NewNet
  2. NewNet - Lithium
  3. Articles

Using HTTPS to Access MGR GUI (With CA)

Overview

If you are moving towards using HTTPS instead of HTTP while accessing the MGR GUI, you should enable HTTPS and disable HTTP. If the end-user wants to use a CA-signed certificate, they should purchase this on their own from a trusted certificate authority.

This article provides step-by-step instructions on how to copy the certificate received from the registration authority and install it to access the MGR GUI.

 

Process

Step 1: Copying the Certificate

  1. Collect the certificate from the certificate registration authority. After the certificate request has been approved, the end-user who purchased the CA-signed certificate receives an email from the registration authority containing a link to a location where the certificate can be obtained.
  2. Clicking on this link brings up a browser window that contains the details of your issued certificate and includes a section that looks like the following:

    -----BEGIN CERTIFICATE-----
    MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
    UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
    (.......)
    E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
    K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
    -----END CERTIFICATE-----
  3. Copy everything you see between and including the lines that look like:

    -----BEGIN CERTIFICATE-----
    (and)
-----END CERTIFICATE-----
  4. Paste to the crt file in the MGR node. In the MGR node, as a TextPass user, back up the server.crt file:

    $ cp -p /var/TextPass/MGR/conf/ssl/server.crt /var/TextPass/MGR/conf/ssl/server.crt_YYYYMMDD
  5. Paste the new certificate copied to the server.crt file in the MGR node.

 

 

Step 2: Installing the Certificate

  1. Copy the certificate file (server.crt) to the directory below:

    /var/TextPass/MGR/conf/ssl/
  2. Go to the/var/TextPass/MGR/conf/ssl/ directory.
  3. Backup the existing server.key file:

     $ cp -p server.key server.key_YYYYMMDD
  4. Generate the server key using the command:

    $ openssl genrsa -des3 -out server.key 2048

    Output:

    Generating RSA private key, 1024 bit long modulus
    ..................................................................++++++
    ............++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key: 123456
    Verifying - Enter pass phrase for server.key:123456
  5. Check if the key was created:

    $ ls -ltrh /var/TextPass/MGR/conf/ssl/

 

 

Step 3: Enabling HTTPS and Disabling HTTP

To enable or disable HTTP or HTTPS, follow these steps as a TextPass user:

  1. Go to /var/TextPass/MGR/conf/.
  2. Back up the existing MGR.conf file:

    $ cp -p MGR.conf MGR.conf_YYYYMMDD
  3. Update the MGR.conf file based on what you want to achieve. If the command line is not commented out, then it is configured to work. :
    • To disable, comment the lines of the access you want to disable.
    • To enable, comment out the lines.
  4. As a root user, restart the MGR process to apply the changes:

    # systemctl restart mgr
  5. After the MGR process has fully restarted, test the GUI access based on the changes made.

 

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments