SKyPRO Products
Page tree

Versions Compared

Old Version 14

changes.mady.by.user swsupport skypro

Saved on

compared with

New Version 15

changes.mady.by.user swsupport skypro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

              d) Enter the name of the public key file, which you used for export (please see above).

                 

        4. If you use Self-signed certificates, you also have to enter the parameter check-cert=false to launch kibana-http-proxy application.

    5   5. Save changes for config.json file and launch AuditProxy.

    6   6To check if AuditProxy services started properly, open the following URLs in a browser:

          a) https://127.0.0.1:5151/ - to check elasticsearch proxy.

          b) https://127.0.0.1:5050/ - to check kibana proxy.

          c) https://127.0.0.1:9090/ - to check AuditServer config service.

        The page with the login/password request or the message “Protected area” should appear.

         * (where 127.0.0.1 is the name or IP address of the server, where AuditProxy is installed. Please replace it with the correct one, which you use in your system)

         ** if you changed ports for the services, please use the ports, which you entered in config.json

         *** If you use self-signed certificates, there can appear a warning that the certificate, used on the server, is not trusted.

          In this case, you should add exceptions to each of the URLs or import this certificate as trusted to your web-browser (see Web-browser documentation).

                Image Added


           **** To investigate potential problems with SSL certificate and the service operation use a log file, which you can find in the folder with this service.


          SSL certificate installation for AuditDriver

  1. Copy your PKCS12 or JKS keystore to the IDM server, where AuditDriver is installed.
  2. Open settings of AuditDriver in iManager or Designer and make the following changes:

           a) In Elastichsearch server field change the protocol from http to https.

           b) In Elasticsearch SSL Keystore Type field (for HTTPS connection) enter the keystore type, which you use, PKCS12 or JKS.

           c) In Elasticsearch SSL Certificate filepath field (for HTTPS connection) enter the path and the name of your keystore file.

           d) In Elasticsearch passphrase field (for HTTPS connection) enter the passphrase, which you use for your keystore.

              Image Added


      3. Save the setting changes and restart AuditDriver.

      * To investigate potential problems with SSL certificate and the driver operation set debug trace level and debug log file in the driver settings and restart it.

      SSL certificate installation for AuditReport

  1. If you use self-signed certificate for your SECURE LDAP connection, you have to export your Public certificate from the IDM server and add it to PKCS12 keystore.

          (It is easy to do by using KeyStore explorer).

          a) Copy the created keystore into the folder with AuditReport.

          b) Open reportservice.yaml file for editing.

          c) Change the protocol from ldap to ldaps in ldapserver field and enter the port, used for secure ldap.

          d) Enter your keystore file name in ldapsrvkeystore field.

          e) Enter the password, which you use for your keystore in ldapsrvkeysorepwd field.

                 Image Added