How to configure HTTPS for secure web access in Dell EMC OpenManage Network Manager (OMNM) 6.2
Resumen: How to configure HTTPS for secure web access in Dell EMC OpenManage Network Manager (OMNM) 6.2
Instrucciones
Summary: In this article we’ll be explaining how to configure HTTPS for secure web access in Dell EMC OpenManage Network Manager (OMNM) 6.2. First we’ll setup the SSL key and certificate required. Then we’ll edit the setenv.sh and setenv.bat files to enable SSL and set the SSL key password. Last we’ll restart the OMNM application and web server to make the changes take effect. Now let’s begin and follow the steps below.
NOTE: Our example is from the OMNM 6.2 VM Appliance. These steps can also be followed from a Windows or Linux OMNM installation as well. Although, the root path or installation directory for OMNM may be different than follows. In the VM Appliance our installation directory is /opt/VAroot/dell/openmanage/networkmanager/. Typically, the installation directory for most Windows installations would be something like C:\Program Files\Dell\OpenManage\Network Manager.
In a Windows installation you’ll need to login to the local server as the administrative user and open a Windows command prompt. Then type the command oware and press Enter to source the environment which you can follow the below steps from.
In a Linux host you may need to type the command . /etc/.dsienv to source the oware environment.
1. If you’re going to give your server a hostname other than the default name "synergy" you’ll need to do this first. The SSL key we’ll be creating requires the hostname of the server when generated. If you’re not familiar with how to configure the hostname on the VM Appliance click Here to pull up an article for assistance.
2. Create the SSL key.
[synergy@OMNM-Ref-VM ~]$ cd /opt/VAroot/dell/openmanage/networkmanager/oware/synergy/tomcat-7.0.40/bin/certs/
[synergy@OMNM-Ref-VM certs]$ openssl
OpenSSL> genrsa -des3 -out tomcatkey.pem 2048
When it asks for the pass phrase enter whatever you like. In this example we used ssl123 as the pass phrase.
Enter pass phrase for tomcatkey.pem: ssl123
Verifying - Enter pass phrase for tomcatkey.pem: ssl123
3. Create the SSL certificate.
OpenSSL> req -new -x509 -key tomcatkey.pem -out tomcat.pem -days 1095
Enter pass phrase for tomcatkey.pem: ssl123
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Round Rock
Organization Name (eg, company) [Default Company Ltd]:Dell EMC
Organizational Unit Name (eg, section) []:Networking EERC
Common Name (eg, your name or your server's hostname) []:OMNM-Ref-VM.dellnetworking.lab
Email Address []:engineer@dellnetworking.lab
OpenSSL> exit
Now you should see the SSL key and certificate under the <installation root>/oware/synergy/tomcat-7.0.40/bin/certs/ directory.
[synergy@OMNM-Ref-VM certs]$ ls –l
total 12
-rwxrwx--- 1 synergy synergy 121 Jan 21 2017 README.txt
-rw-rw-r-- 1 synergy synergy 1751 Sep 8 01:08 tomcatkey.pem
-rw-rw-r-- 1 synergy synergy 1554 Sep 8 01:09 tomcat.pem
4. Use a text editor to edit the setenv.sh and/or setenv.bat file(s). If you’re on a Windows installation of OMNM you’ll edit the setenv.bat file. For Linux installs and the VM appliance edit setenv.sh. Just for the purpose of showing both examples, we’ve edited both.
Example using Vi text editor:
[synergy@OMNM-Ref-VM certs]$ cd ..
[synergy@OMNM-Ref-VM bin]$ ls
bootstrap.jar commons-daemon.jar daemon.sh service.bat shutdown.bat tomcat-juli.jar version.sh
catalina.bat commons-daemon-native.tar.gz digest.bat setclasspath.bat shutdown.sh tomcat-native.tar.gz
catalina.sh configtest.bat digest.sh setclasspath.sh startportal.sh tool-wrapper.bat
catalina-tasks.xml configtest.sh native setenv.bat startup.bat tool-wrapper.sh
certs cpappend.bat portal.url setenv.sh startup.sh version.bat
[synergy@OMNM-Ref-VM bin]$ sudo vi setenv.sh
If using Vi you’ll press i to insert text. Now edit the following lines.
ENABLE_SSL="true"
SSL_PASSWORD="ssl123"
Now press Esc to stop inserting text. Then type :wq to save the file and close the Vi editor.
If editing the setenv.bat file in a Windows installation you’ll edit the following lines.
set "ENABLE_SSL=true"
set "SSL_PASSWORD=ssl123"
The screenshot below is using Vi text editor from the VM appliance, but you can use Notepad or pretty much any other text editor in Windows to edit this file.
5. Stop and restart the OMNM application and web servers.
[synergy@OMNM-Ref-VM bin]$ pmstopall ---stops the application server
[synergy@OMNM-Ref-VM bin]$ sudo service synergy stop ---stops the web server
[synergy@OMNM-Ref-VM bin]$ pmstartall ---starts the application server
[synergy@OMNM-Ref-VM bin]$ sudo service synergy start ---starts the web server
[synergy@OMNM-Ref-VM bin]$ sudo service synergy status ---check the status of the web server
[synergy@OMNM-Ref-VM bin]$ watch -n 5 pmgetstatus ---check status of the application server every 5 seconds (normally takes about 5 minutes to go into ready status)
Press Ctrl+c to stop watch command.
6. Now you should be able to browse to your OMNM server using IP or hostname via HTTPS in your web browser.
NOTE: OMNM uses TCP port 8443 instead of 443 for SSL/HTTPS connections to the web server.
