How to Install and configure SSL on NPC, ReporterAnalyzer, Netvoyant, Superagent, and Unified Communications Monitor.

Document ID : KB000013382
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

How to set up SSL on NetQoS Peformance Center, legacy Reporter Analyzer 9.0, SuperAgent 9.1, NetVoyant (any version), or UCM 3.3.

Environment:
Up to Windows Server 2008Up to NetworkPerformance Center 6.1/6.2Up to Reporter Analyzer 9.0Up to SuperAgent 9.1NetVoyant (any version)
Answer:

1.   Configure the Certificate

     A certificate is required for SSL to work.  This can either be done by creating a self signed certificate, or installing a certificate from a CA.

A.     Self Signed Certificate

Open the Server 2008 “Server Manager” (Start -> Administrative Tools -> Server Manager)

 

Expand Roles->Web Server (IIS) and click on Internet Information Services (IIS) Manager

1.png

 

Click on “Server Certificates”.  It’s the second to last option available in the IIS section.

2.png

On the far right, under actions, are the options for Importing a current certificate, or creating a self signed certificate.  Skip to the next step if you wish to import a certificate.

 

To generate a self signed certificate, open the action:

3.png

Specify a friendly name for the certificate.  This will be the name that users will use to access the server.  Hit OK and you’re done generating the certificate.  

You can double check that this certificate is in the Trusted Certificates by opening the certificate manager snap-in (certmgr.msc) and looking for the certificate in the “Trusted Root Certificate Authorities”.

 

 

B.     Installing a provided Certificate

 

If you want to install a provided certificate, Click on the “Import” option and navigate to the location of the provided certificate.

4.png

Follow the configuration steps to completion.

 

1.      2. Configure the IIS Application

a.      Configure an SSL Port.

 

By default, IIS does not have a binding for HTTPS.  This can continue to be modified from within the server manager.  Navigate to the Default Website in IIS

5.png

Under actions, select “Bindings”

6.png

 

Click on Add to put in a new site binding:

7.png

Select “https” from the drop down, assign to All Unassigned IP addresses and type in port “443”.  Select the proper SSL Certificate from the drop down and click “OK”.  That’s all the configuration to allow https to the Default Website.

a.      Modify the HTTP Header Expiration for both ReporterAnalyzer, NPC, NV, SA, or UCM. 

 

The Content expiration for HTTP headers needs to be modified only on the flex_bin of the product site.  Navigate to the flex_bin directory, and select “HTTP Response Headers” from the IIS group.

8.png

Double Click on HTTP Response Headers and then from the Action Pane select “Set Common Headers…”

9.png

               Check “Expire Web content” and choose “After 1 Day”.  Hit OK.

 

 

1.    3. Configure Application for HTTPS (NPC only)

 

Once IIS has been configured to respond to SSL requests, and the certificates have been inserted…the next step is to enable HTTPS through the single sign on configuration tool.  This tool is located on the Desktop of the NPC, and will propagate all changes down to the underlying datasources.

10.png

          Modify the following options (by clicking on the Blue hyperlinks):

Web Site Scheme – Override this to be “https”

Web Site Port – Override this to be “443”

Web Site Host – Override this to be the name indicated in either the Self Signed Certificate, or the Certification from the CA

***Please note that while we are changing the Web Site Scheme, the web services will continue to run on HTTP.

 

               Now switch over to the Single Sign-On Tab:

11.png

               Modify the following options:

               Scheme – Override this setting with “https”

               Port – Override this setting with “443”

 

               ***These settings are to control the Single Sign-On (login pages) for the product.  

 

4.      Modify SSO XML Files

 

             While most of the settings are contained in the Config Utility, it’s still best practice to update the Single Sign-On Config XML files.  These are                       located in the following directory:

              D:\NETQOS\SingleSignOn\Configuration

12.png

The name of the file indicates the product you’re modifying the configuration for.  We’ll modify the NPC (on the NPC box), and the RA (on the RA Master Console) and so on for the rest of the products.

13.png

 

Modify the Scheme (from http to https) and the Port (put in 443, the entry is blank by default).  Do not modify the Web Service Scheme or Port!

After these changes have been made, run an “iisreset” from the command line to force the website to reload and you should be able to access the product via HTTPS.

1.     5. Modify the Datasource Connection Method.

It’s best practice to configure SSL after the product is up and configured, to verify proper functionality of the product before making these changes.  Once the product has been migrated to HTTPS, you will want to modify the NPC Datasource settings to reflect this.

 

Open NPC GUI and navigate to the “Data Sources” Administration Page.

 

Edit the Data Source (NV used in example) to bring up the options:

14.png

Since the Web Services are still running on HTTP, uncheck the “Same as above” check box underneath Web Console.

14.png

The “Host Name” should be modified to the name provided in your SSL Cert, protocol changed to https and the Port switched to 443.  These changes will update the drill down links to https (into the web UI).

 

Additional Information:

To set up SSL on the newer products please see: 

tec1940212