Secure Aternity Management Server with SSL Encryption (HTTPS)

This article provides details about how to secure user access to the Aternity Management Server.

Once you have certificates and keys, you can configure SSL encryption (HTTPS). When you configure servers to use Secure Sockets Layer (SSL) encryption, this ensures that access to the server is secure and that data is protected.

Before you begin

To configure servers to use SSL, you must have an SSL certificate. How to generate the SSL certificate for Aternity Management Server, read here.

Procedure

  1. Step 1 Secure Aternity Management Server.
    Secure the Management Server
    Tip

    For secure HTTPS (SSL) web access to Aternity, you must secure both the Aternity Management Server and the Aternity Dashboard Server.

    1. a Stop the AternityPlatform service.

      Wait until the service has the status Stopped (not Stopping).

    2. b Make sure you have your enterprise's certificate. Learn more.
    3. c On that computer, launch the Configuration Tool from the Start menu, by right-clicking it and selecting Run as administrator to start.

      When you create any Aternity server it adds the Configuration Tool.

    4. d Select Reconfigure Server and set the External URL to HTTPS.
      Update Aternity Management Server external URL to HTTPS
      Aternity users use this external URL to access the system.
    5. e Click Next until you reach the Web Server Configuration screen.
    6. f Configure the server for HTTPS.
      Secure SSL connections to this server
      Field Description
      HTTP or HTTPS

      Select HTTPS if you want any connection to this server to be via HTTPS.

      Tip

      To see the Aternity's system-wide security settings, view the security overview of all components.

      Port

      Enter the port required to receive data from the monitored devices. The default for HTTPS is 443.

      Custom keystore

      Enter the pathname of the system's keystore that contains the certificate for verifying Management Server's identity. Additional certificates may interfere with single sign-on processes.

      You must add your enterprise's certificate to the system's Java keystore file (.jks) using Java's keytool utility (see Aternity documentation for creating .jks).

      Custom keystore password

      Enter the password required to access the system's keystore file.

    7. g Select Next repeatedly until you reach the end of the wizard, leaving all other values unchanged.

      This process forces a restart of the Windows service for this Aternity server.

    8. h Start the AternityPlatform service.

      Continue with securing Aternity Dashboard Server (learn more).

  2. Step 2 Once you have secured the Aternity Management Server, you must open the configuration file on the Aternity Docker Components Server and update the URL of the Management Server. Then reconfigure Aternity Docker Components Server.
    Change the management_url parameter in the properties.ini file that resides on the Aternity Docker Components Server.
    Update an external URL
    On Aternity Docker Components Server, run the command:
    ./aternity-docker-admin reconfigure