Start a conversation Sign in
Start a conversation
  1. NewNet
  2. NewNet - Lithium
  3. Articles

Using HTTPS to Access MGR GUI (Without CA)

Overview

If you are moving towards using HTTPS instead of HTTP while accessing the MGR GUI, you should enable HTTPS and disable HTTP. By default, HTTPS is already configured with a certificate (not CA), and a minor change is required.


This article provides step-by-step instructions on how to use HTTPS to access the MGR GUI without Certificate Authority (CA). This can be achieved by checking if there is a certificate already configured for MGR and then proceed to enable HTTPS and disable HTTP.

 

 

Process

Step 1: Checking If There Is a Certificate Already Configured for MGR

  1. Check if both the .key and .crt files exist. As a TextPass user, run the following command:

    $ ls -ltrh /var/TextPass/MGR/conf/ssl

    Output:

    total 8.0K
    -rw-r--r-- 1 textpass textpass 887 Jul 15 13:52 server.key
    -rw-r--r-- 1 textpass textpass 782 Jul 15 13:52 server.crt
  2. Check in the MGR.conf file if HTTPS is already configured to work:

    1. $ grep SSLCertificate /var/TextPass/MGR/conf/MGR.conf


      Output:

      SSLCertificateFile /var/TextPass/MGR/conf/ssl/server.crt
      SSLCertificateKeyFile /var/TextPass/MGR/conf/ssl/server.key      		 


    2. $ head -25 /var/TextPass/MGR/conf/MGR.conf


      Output:

      ##
      ## httpd.conf -- Apache HTTP server configuration file
      ##
      ServerRoot "/var/TextPass/MGR/www"
      PidFile /var/TextPass/MGR/pid/mgr.pid
      Timeout 300
      KeepAlive On
      MaxKeepAliveRequests 100
      KeepAliveTimeout 15
      MinSpareServers 2
      MaxSpareServers 10
      StartServers 3
      MaxClients 15
      MaxRequestsPerChild 1000
      Listen 80
      <IfDefine SSL>
      Listen 443
      </IfDefine>

      User textpass
      Group textpass
      ServerAdmin root@127.0.0.1
      ServerName localhost
  3. Based on the output of steps 1 and 2, the actual certificate file should exist and be configured in
    MGR.conf.

    NOTE: In the output of step 2, the line Listen 80 is for HTTP, and the line Listen 443 is for HTTPS. If the line is not commented out, then it is configured to work.

 

Step 2: Enabling HTTPS and Disabling HTTP

To enable or disable HTTP or HTTPS, follow these steps as a TextPass user:

  1. Go to /var/TextPass/MGR/conf/
  2. Back up the existing MGR.conf file:

    $ cp -p MGR.conf MGR.conf_YYYYMMDD
  3. Update the MGR.conf file based on what you want to achieve. As explained in the NOTE section of the above segment:
    • To disable, comment the lines of the access you want to disable.
    • To enable, comment out the lines.
  4. As a root user, restart the MGR process to apply the changes:

    # systemctl restart mgr
  5. After the MGR process has fully restarted, test the GUI access based on the changes made.

 

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments