Overview
Secure Socket Layer (SSL) is a protocol that provides communications security between a client and a server by implementing encrypted data and certificate-based authentication.
SSL is a mature protocol and is supported by most browsers.
SSL uses encryption while transmitting data between two or more parties where the sender encrypts the data and the receiver decrypts the data. This method is known as public key encryption. For the public key encryption to take place, the parties in the loop must present a certificate before transmitting any encrypted data.
To ensure that the certificate used is valid, the SSL usually contacts a trusted third-party server called a Certificate Authority (CA).
HTTP vs HTTPS
HTTPS uses SSL protocols to transmit data. When a message is sent using HTTPS, the message is first encrypted with SSL, sent and received using HTTP, and finally decrypted using SSL.
In comparison to HTTP, HTTPS provides better security through encryption and uses digital certificates.
Generate key pairs and certificates
Performance Monitoring Toolset supports the following keystore types:
- JKS
- PKCS12
To generate the keys and certificate, you can use the keytool utility that is bundled with JDK. You can also use third-party certificates or use OpenSSL to create keys and certificates.
Using keytool, enter either in the command prompt:
JKS:
keytool -genkey -keyalg RSA -alias selfsigned -keystore <keystore.jks> -storepass <password> -validity 360 -keysize 2048
PKCS 12:
keytool -genkey -alias pmtpkcs12 -keystore </path/to/keystore.pfx> -storetype PKCS12 -keyalg RSA -storepass <password> -validity 730 -keysize 2048
After you enter the command, the keytool will ask you to enter the values for Common Name (CN), Organizational Unit (OU), Organization(O), Locality (L), State (ST) and Country (C).
You can also set the passwords for the keystore and the keystore alias.
The CN must match the domain name of Performance Monitoring Toolset.
Configure HTTPS in Performance Monitoring Toolset
To serve Performance Monitoring Toolset dashboard over HTTPS/SSL, perform the following steps:
On the home page of Performance Monitoring Toolset, click Settings.
In the General tab, choose the option HTTPS.
After you choose HTTPS, you must enter the path to the keystore and the password of the keystore in the section SSL.
To save your changes, click Submit. Restart Performance Monitoring Toolset for the changes to take effect.
After the restart, to launch Performance Monitoring Toolset using HTTPS, enter the URL of Performance Monitoring Toolset after entering HTTPS, as shown below:
https://<domain of Performance Monitoring Toolset >:<port>/dashboard