HTTPs Configuration for Hi-Track Monitor

There are three stages in configuring Hi-Track Monitor:

Creating the certificate to be used by HTTPs.
Adding the certificate to the Hi-Track Monitor configuration.
Enabling HTTPs.

Note that the Hi-Track Monitor installation process does not define its own Java utilities as 'system' utilities. Therefore qualified filenames should always be used to access the correct utility programs.
For instance, use jre/bin/keytool to access the correct 'keytool' program from the Hi-Track installation. Using an unqualified keytool may invoke a different program with unpredictable results.
All relative file references in this document are relative to the Hi-Track Monitor installation directory.
File references use the / character as a path separator. Windows users will need to substitute the \ as a path separator character.

Creating the certificate

A certificate may be created using the Java keytool utility.

This utility is well documented on many sites on the www, including keytool document
The standard keystore is jre/lib/security/cacerts, however it's recommended to put only trusted certificates in this keystore. These instructions place a keystore in the monitor installation directory - it may be placed anywhere.

Note that this certicate and keystore have been created as part of the Hi-Track Monitor installation.
It is shown here only as part of the sequence of converting the Monitor to HTTPs. If you wish to create an alternative certificate, then you should apply the same changes to the later steps as you make to this step.

#jre/bin/keytool -genkey -keystore certStore -keyalg rsa -alias httpscert -validity 36524
will start the certificate generation process, for a certificate named httpscert that will be valid for 100 years (or 36524 days).

keytool will prompt for the additional data needed to create the certificate. The data given in this example relates to the sample certificate supplied with the monitor: Enter keystore password: nureyev38 What is your first and lastname? [Unknown] techops.hds.com What is the name of your organizational unit? [Unknown] Tech Ops. What is the name of your organiztion? [Unknown] Hitachi Data Systems What is the name of your City or Locality? [Unknown] San Diego What is the name of your State or Province? [Unknown] California What is the two-letter country code for this unit? [Unkown] CA Is CN=techops.hds.com, OU=Tech Ops., O=Hitachi Data Systems, L=San Diego, ST=California, C=CA correct? [no] yes Enter key password for (RETURN if sanme as keystore password): hookham19

The certificate is then generated in the file certStore

`Adding the Certificate to Hi-Track Monitor`


Hi-Track Monitor must be running.

Login as the Administrator and access the User Management menu.

Fron the Select type of Security Object to display
select SSL from the drop down list and click Refresh.

The second part of the page now displays Currently Defined 'SSL' Security Objects.
Overwrite -Add New User Here- with a new name - this does not have to be the same as the certificate name, but in this example, it is. Enter httpscert and click Refresh.

The third part of the page now displays Detail for SSL 'httpscert'.
Fill in the details as defined previously for the certificate:
Security Name: httpscert

Certificate Store: certStore

Store Password: nureyev38

Certificate Password: hookham19

Types: SST User

Certificate Subject: httpscert

Security Name:	httpscert
Certificate Store:	certStore
Store Password:	nureyev38
Certificate Password:	hookham19
Types:	SST User
Certificate Subject:	httpscert

and click Refresh.

Enable HTTPs

Stop the monitor and edit the file HitDFmon.config.

Add the entry
HTTPsCertName = httpscert

Close the file and restart the Monitor. Access is now only via HTTPs.

Revert to HTTP

Remove the entry
HTTPsCertName = httpscert
from the file HitDFmon.config, and then restart the Monitor.