A certificate corresponding to "localhost" is created when the product is installed.
If the Management Server is the same as the server for the web browser (client), certificate creation is not necessary.
If the Web Console is accessed from a terminal other than the Management Server, follow the procedure below on the Management Server to create the certificate.
For Windows environments
Stop the following services.
ETERNUS SF Manager Apache Service
ETERNUS SF Manager Tomcat Service
Open the Services dialog box by clicking Control Panel > Administrative Tools > Services, and then stop the target services.
Open a command prompt, and change to the installDir\Common\sys\apache\conf directory.
The installDir is the directory where the ETERNUS SF Manager program is installed.
Example
When the ETERNUS SF Manager is installed in "C:\ETERNUS_SF"
>cd "C:\ETERNUS_SF\Common\sys\apache\conf" <RETURN>
Back up the original certificate file.
Example
>copy server.crt server.crt.org <RETURN>
>copy server.key server.key.org <RETURN>
Modify the configuration file. (only when using Microsoft Edge or Chrome)
Open the installDir\Common\sys\apache\conf\chrome_openssl.cnf file using the editor.
The installDir is the directory where the ETERNUS SF Manager program is installed.
When specifying the IP address of the Management Server in the web browser address bar to access the Management Server, modify item IP.1.
When specifying the hostname of the Management Server in the web browser address bar to access the Management Server, modify item DNS.1.
In addition, if both of the above methods can be used to access the Management Server, modify both item IP.1 and item DNS.1.
[ alt_names ]
IP.1=<IP Address of Management Server>
DNS.1=<Host name of Management Server>
Item IP.1 is set to "1.1.1.1" and item DNS.1 is set to "hostname.com" in the initial state.
Execute the command (openssl.exe) to create a certificate for the software.
Example
If Firefox is used, the Management Server IP address is set to "192.0.2.10", and the expiration date is set to 20 years later (-days 7300)
>..\bin\openssl.exe req -sha256 -new -x509 -nodes -newkey rsa:2048 -out server.crt -keyout server.key -days 7300 -config openssl.cnf <RETURN>
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
................................................................................
..................................+++
..................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:<RETURN>
State or Province Name (full name) []:<RETURN>
Locality Name (eg, city) []:<RETURN>
Organization Name (eg, company) []:<RETURN>
Organizational Unit Name (eg, section) []:<RETURN>
Common Name (eg, YOUR name) []:192.0.2.10<RETURN>
Email Address []:<RETURN>
-days: Specify the period for which the certificate is valid, in days.
The period is counted from the day the command is executed. Enter a reasonably long number of days, while keeping the expiration date earlier than January 19th, 2038.
-config: Specify the name of the configuration file.
For Microsoft Edge or Chrome, specify "chrome_openssl.cnf".
For other web browsers, specify "openssl.cnf".
Input Items | Explanation |
---|---|
Country Name | The two-letter abbreviation for your country. (ISO-3166) |
State or Province Name | The state or province where the Management Server is located. |
Locality Name | The city where your organization is located. |
Organization Name | The exact legal name of your organization. |
Organizational Unit Name | Optional for additional organization information. |
Common Name | Enter the IP address or the host name (FQDN) that is entered in the web browser. This item is mandatory. An input example is as follows. |
Email Address | E-mail address for contact |
Information
When the openssl command is executed, the following message may be output. Ignore the message; it does not affect the behavior of the openssl command.
WARNING: can't open config file: c:/openssl-x.x.xx-win64/ssl/openssl.cnf
Start the following services.
ETERNUS SF Manager Apache Service
ETERNUS SF Manager Tomcat Service
Open the Services dialog box by clicking Control Panel > Administrative Tools > Services, and then start the target services.
For Solaris or Linux environments
Log in to the Management Server with administrator privileges.
Execute the following command to stop daemons related to the web service.
# /opt/FJSVesfcm/bin/stop-webservice.sh <RETURN>
Move to the /etc/opt/FJSVesfcm/conf/apache directory.
# cd /etc/opt/FJSVesfcm/conf/apache <RETURN>
Back up the original certificate file.
Example
# cp server.crt server.crt.org <RETURN>
# cp server.key server.key.org <RETURN>
Modify the configuration file. (only when using Microsoft Edge or Chrome)
Open the /etc/opt/FJSVesfcm/conf/apache/chrome_openssl.cnf file using the editor.
When specifying the IP address of the Management Server in the web browser address bar to access the Management Server, modify item IP.1.
When specifying the hostname of the Management Server in the web browser address bar to access the Management Server, modify item DNS.1.
In addition, if both of the above methods can be used to access the Management Server, modify both item IP.1 and item DNS.1.
[ alt_names ]
IP.1=<IP Address of Management Server>
DNS.1=<Host name of Management Server>
Item IP.1 is set to "1.1.1.1" and item DNS.1 is set to "hostname.com" in the initial state.
Execute the openssl command to create a certificate for the software.
Example
If Firefox is used, the Management Server IP address is set to "192.0.2.10", and the expiration date is set to 20 years later (-days 7300)
# /opt/FJSVesfcm/SSL/bin/openssl req -sha256 -new -x509 -nodes -newkey rsa:2048 -out server.crt -keyout server.key -days 7300 -config openssl.cnf <RETURN>
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
................................................................................
..................................+++
..................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:<RETURN>
State or Province Name (full name) []:<RETURN>
Locality Name (eg, city) []:<RETURN>
Organization Name (eg, company) []:<RETURN>
Organizational Unit Name (eg, section) []:<RETURN>
Common Name (eg, YOUR name) []:192.0.2.10<RETURN>
Email Address []:<RETURN>
-days: Specify the period for which the certificate is valid, in days.
The period is counted from the day the command is executed. Enter a reasonably long number of days for using the software, while keeping the expiration date earlier than January 19th, 2038.
-config: Specify the name of the configuration file.
For Microsoft Edge or Chrome, specify "chrome_openssl.cnf".
For other web browsers, specify "openssl.cnf".
Input Items | Explanation |
---|---|
Country Name | The two-letter abbreviation for your country. (ISO-3166) |
State or Province Name | The state or province where the Management Server is located. |
Locality Name | The city where your organization is located. |
Organization Name | The exact legal name of your organization. |
Organizational Unit Name | Optional for additional organization information. |
Common Name | Enter the IP address or the host name (FQDN) that is entered in the web browser. This item is mandatory. An input example is as follows. |
Email Address | E-mail address for contact |
Execute the following command to restart daemons related to the web service.
# /opt/FJSVesfcm/bin/start-webservice.sh <RETURN>
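The following check is an added example, not part of the product or its manual: it computes the largest -days value that keeps the expiration date earlier than January 19th, 2038, and inspects the text printed by "openssl x509 -in server.crt -noout -text" for the expiry limit and for a subjectAltName entry matching the address typed in the browser (the Microsoft Edge or Chrome case). The function names and the sample certificate text are constructed for illustration; the sample assumes a certificate made on 2025-01-01 with the unmodified alt_names defaults and -days 7300.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# The procedure requires the expiration date to be earlier than January 19th, 2038.
LIMIT = datetime(2038, 1, 19, tzinfo=timezone.utc)

def max_days(today):
    """Largest -days value for which today + days is still before LIMIT."""
    return (LIMIT - today - timedelta(seconds=1)).days

def san_matches(entry, address):
    """True if one SAN entry (as printed by openssl) covers the browser address."""
    kind, _, value = entry.strip().partition(":")
    try:
        wanted_ip = ipaddress.ip_address(address)
    except ValueError:
        return kind == "DNS" and value.lower() == address.lower()
    try:
        return kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
    except ValueError:
        return False

def check_cert_text(text, address):
    """Return a list of problems found in `openssl x509 -noout -text` output."""
    problems = []
    end = re.search(r"Not After\s*:\s*(.+?)\s+GMT", text)
    if not end:
        problems.append("no 'Not After' line found")
    else:
        stamp = " ".join(end.group(1).split())  # openssl pads single-digit days
        not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        if not_after >= LIMIT:
            problems.append(f"expires {not_after:%Y-%m-%d}, not before 2038-01-19")
    san = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", text)
    entries = san.group(1).split(",") if san else []
    if not any(san_matches(e, address) for e in entries):
        problems.append(f"no subjectAltName entry for {address}")
    return problems

# Constructed sample (assumption): alt_names left at its defaults, -days 7300 from 2025-01-01.
SAMPLE_DEFAULTS = """\
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Dec 27 00:00:00 2044 GMT
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:1.1.1.1, DNS:hostname.com
"""
```

For a command run on 2025-01-01, max_days returns 4765, so -days 7300 places the expiration date past the limit; check_cert_text(SAMPLE_DEFAULTS, "192.0.2.10") reports both the late expiry and the missing subjectAltName entry.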