Difference between revisions of "Setting up https secure connection"

From Kolmisoft Wiki
Jump to navigationJump to search
Line 1: Line 1:
= Installing SSL =
= Installing SSL =
In new MOR (starting from X14) and M2 installs, SSL with self-signed certificate is preconfigured (using external sever IP).
In new MOR (starting from X14) and M2 installs, SSL with self-signed certificate is preconfigured (using external sever IP).
If you have older MOR and M2 installations, and SSL was not configured previously, you can configure self-signed certificate by running the following script:
If you have older MOR and M2 installations, and SSL was not configured previously, you can configure self-signed certificate in MOR by running the following script:
  /usr/src/mor/x14/gui/ssl_install.sh (/usr/src/m2/gui/ssh_install.sh for M2)
 
For MOR:
  /usr/src/mor/x14/gui/ssl_install.sh  
 
For M2:
/usr/src/m2/gui/ssh_install.sh  




Line 12: Line 17:
  service httpd restart
  service httpd restart


If you have domain name, replace IP_ADDRESS with your domain name and regenerate certification files with new information with command bellow:
== Configure Domain Name ==
 
If you have domain name, replace IP_ADDRESS (which will be your external IP address) with your domain name and regenerate certification files with new information with command bellow:
   openssl req -new -newkey rsa:4096 -days 365 -nodes  -x509  -keyout /etc/httpd/ssl/apache.key -out  /etc/httpd/ssl/apache.crt
   openssl req -new -newkey rsa:4096 -days 365 -nodes  -x509  -keyout /etc/httpd/ssl/apache.key -out  /etc/httpd/ssl/apache.crt
Enter information as requested, in common name section please enter your domain name.
Enter information as requested, in common name section please enter your domain name.

Revision as of 10:22, 5 March 2019

Installing SSL

In new MOR (starting from X14) and M2 installs, SSL with self-signed certificate is preconfigured (using external sever IP). If you have older MOR and M2 installations, and SSL was not configured previously, you can configure self-signed certificate in MOR by running the following script:

For MOR:

/usr/src/mor/x14/gui/ssl_install.sh 

For M2:

/usr/src/m2/gui/ssh_install.sh 


By default redirection from http to https is not enabled by default. To enable it, please open file /etc/httpd/conf.d/mor_ssl.conf (m2_ssl.conf for M2) and uncomment last line:

 ServerName IP_ADDRESS
 # RedirectMatch permanent ^/$ https://IP_ADDRESS/billing/callc/login

And restart httpd service

service httpd restart

Configure Domain Name

If you have domain name, replace IP_ADDRESS (which will be your external IP address) with your domain name and regenerate certification files with new information with command bellow:

 openssl req -new -newkey rsa:4096 -days 365 -nodes  -x509   -keyout /etc/httpd/ssl/apache.key -out  /etc/httpd/ssl/apache.crt

Enter information as requested, in common name section please enter your domain name.


Cron Actions

If SSL redirection is enabled, ensure that hourly actions are able to access GUI internally:

wget http://127.0.0.1/billing/callc/hourly_actions

if it does not work, adjust domain or add --no-check-certificate.

Once command works, make same adjustments on /etc/cron.d/mor_hourly_actions, mor_daily_actions and mor_monthly_actions.

!!!DO NOT TEST RUN daily AND monthly ACTIONS MANUALLY!!! just adjust cron files, save then and restart crond service.