IBM Support

How to enable HTTPS on RTM in RHEL

How To


Summary

Enable HTTPS in RTM 10.1 on RHEL so that the URL http://ip_address/cacti is automatically redirected to https://ip_address/cacti.

Objective

Note: These steps assume that the source and destination RTM installation directory is /opt/IBM. If the destination directory is not the default /opt/IBM, change the paths below accordingly.

Environment

RTM 9.1.x / RTM 10.1.0.x in RHEL 5.x/ RHEL 6.x/ RHEL 7.x

Steps

1) Check SSL configuration
RTM installs mod_ssl automatically, and mod_ssl creates the crt and key files automatically, so there is no need to configure SSL manually. Just verify that it is in place.

Check that port 443 is active and that the crt and key files exist.
[root@ac-kvm5 ~]# netstat -apn| grep httpd
tcp        0      0 :::80                       :::*                        LISTEN      23891/httpd
tcp        0      0 :::443                      :::*                        LISTEN      23891/httpd

Check /etc/pki/tls/certs/localhost.crt for the crt file.
Check /etc/pki/tls/private/localhost.key for the key file.

Note: Port 443 is open by default in RHEL, but if it is closed:
# systemctl start firewalld
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reload
# iptables-save | grep 443 # check if it is open

 

Run the following command and make sure the output includes the following postinstall scriptlet:
# rpm -q --scripts mod_ssl

postinstall scriptlet (using /bin/sh):
umask 077

if [ ! -f /etc/pki/tls/private/localhost.key ] ; then
/usr/bin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > /etc/pki/tls/private/localhost.key 2> /dev/null
fi

FQDN=`hostname`
if [ "x${FQDN}" = "x" ]; then
   FQDN=localhost.localdomain
fi

if [ ! -f /etc/pki/tls/certs/localhost.crt ] ; then
cat << EOF | /usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
         -x509 -days 365 -set_serial $RANDOM \
         -out /etc/pki/tls/certs/localhost.crt 2>/dev/null
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
fi

#ll /etc/pki/tls/private/localhost.key
-rw-------. 1 root root 887 Jul  9 13:55 localhost.key
#ll /etc/pki/tls/certs/localhost.crt
-rw-------. 1 root root 1111 Jul  9 13:55 /etc/pki/tls/certs/localhost.crt

Test:
Log on to the RTM server using http://ip_address/cacti: OK.
Log on to the RTM server using https://ip_address/cacti: OK.

2) Download the Cacti plugin from:
https://docs.cacti.net/plugin:ssl
Steps: Download the archive ssl-v0.1.tar.gz and extract it into /opt/IBM/cacti/plugins/ssl.

3) Log on to the RTM server, go to Console->Configuration->Plugin Management, and click install plugin. The plugin is then ready for use.

Test: 
Log on to the RTM server using http://ip_address/cacti; the URL is automatically changed to https://ip_address/cacti. Check some other links; they are also redirected to https.

Note: On the Web page, after you click install for the Old plugin, there is no "Enable Plugin" button, but the function already works.
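
The checks from steps 1 and 3 can be scripted so they are repeatable after a reinstall or upgrade. The following is an added example, not part of the original page and not IBM or Cacti code. It assumes GNU stat, that the ssl plugin redirects with an HTTP 3xx response carrying a Location header, and that /cacti/ and /cacti/index.php are representative links; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-change checks for steps 1 and 3. Not IBM or Cacti code.

# Step 1: succeed if netstat-style text on stdin shows httpd listening on :443.
httpd_listens_on_443() {
    awk '$6 == "LISTEN" && $4 ~ /:443$/ && $7 ~ /\/httpd$/ { found = 1 }
         END { exit !found }'
}

# Step 1: succeed if the key is a regular file with no group/other access,
# which is what "umask 077" in the mod_ssl scriptlet produces.
key_mode_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c %a "$1")" in   # GNU stat, as shipped with RHEL
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 3: succeed if the raw response headers on stdin are a 3xx redirect
# whose Location is an https:// URL. Assumes the plugin redirects this way.
redirects_to_https() {
    tr -d '\r' | awk '
        NR == 1 { is3xx = ($2 ~ /^30[12378]$/) }
        tolower($1) == "location:" && tolower($2) ~ /^https:\/\// { ok = 1 }
        END { exit !(is3xx && ok) }'
}

# Live checks run only as: sh script --live <rtm_host>
# The two URL paths are assumed samples; list the links you actually use.
if [ "${1:-}" = "--live" ] && [ -n "${2:-}" ]; then
    rc=0
    netstat -apn 2>/dev/null | httpd_listens_on_443 \
        || { echo "FAIL: httpd is not listening on 443"; rc=1; }
    key_mode_ok /etc/pki/tls/private/localhost.key \
        || { echo "FAIL: localhost.key missing or readable by group/other"; rc=1; }
    for path in /cacti/ /cacti/index.php; do
        curl -s -I --max-time 5 "http://$2$path" | redirects_to_https \
            || { echo "FAIL: http://$2$path is not redirected to https"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    exit "$rc"
fi
```

Run it as root on the RTM server with --live and the server address; without arguments it only defines the functions.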


Document Information

Modified date:
03 July 2018

UID

ibm10715979