How do I implement Security Reporting Center so that it uses a secure connection?


This article applies to:

  • Security Reporting Center 2.1

Question:

  • How do I implement Security Reporting Center so that it uses a secure connection?
  • Can Security Reporting Center use an SSL connection?

Procedure:

SSL Overview

Web clients and Web servers often transmit sensitive information.  Protecting this information is typically accomplished by sending the data in an encrypted form and subsequently decrypting the data on the receiving side. The Secure Sockets Layer (SSL) protocol provides several features that enable secure transmission of Web traffic. These features include data encryption, server authentication, and message integrity.  To enable secure communication from Web clients to Security Reporting Center using SSL, you must first enable SSL support.

Important Note:
The information provided in this document describes how to enable basic SSL functionality and generate certificates. Depending on your network configuration and security needs, you may need to consult outside documentation. For advanced configuration concerns, refer to the SSL resources at:

http://www.apache.org/
http://www.modssl.org/



SSL Installation Instructions

  • New Installations
    Install Security Reporting Center as described in the User Guide. By default, SSL is enabled for Windows installations.

  • Upgrade Installations
    To install Security Reporting Center on top of an existing installation, use the steps described in the Release Notes. When you upgrade to version 2.1 from Security Reporting Center 2.0x, the upgrade process backs up your existing Apache Web server and installs a new instance of Apache.

  • SSL Enabled Prior to Upgrade
    If your original installation had SSL enabled, and you want to continue using SSL, manually copy your existing SSL certificate from your old Apache installation to the new Apache installation. Your original Apache installation now resides in the installation directory\common\Apache version number folder of your Security Reporting Center installation.

    To copy your certificate:

    1. Copy the SSL .key certificate file from the conf\ssl.key directory of your old Apache installation into the conf\ssl.key directory of your new Apache installation.

    2. Open the installation directory\common\apache\conf\httpd.conf file in your new Apache installation, and edit the SSLCertificateKeyFile entry to point to the correct .key file.

      Note: This entry is absent if SSL is disabled.

    3. Open the installation directory\common\apache\conf\httpd_with_ssl.conf.template file in your new Apache installation and edit the SSLCertificateKeyFile entry to point to the correct .key file.

  • SSL Disabled Prior to Upgrade
    If SSL was disabled in the original installation and you want to enable it, follow these steps:

    1. Obtain an SSL certificate. For more information, see section 4 of the User Guide, "Installing Your own Certificate."

    2. Use the SSL options in the Security Reporting Center user interface to enable SSL. For more information, see section 3 of the User Guide, "Enabling and Disabling SSL."


Enabling and Disabling SSL

Security Reporting Center 2.1 provides the ability to enable or disable SSL as a feature of the user interface.

To enable or disable SSL, follow these steps:

  1. Open the Administration module and click Options | SSL.

  2. Click Enable SSL or Disable SSL.

  3. Restart the NetIQ Apache Service and the NetIQ Tomcat Service.


With SSL enabled, the URL for connecting to Security Reporting Center takes the following format:

https://hostname:9000/index.html

With SSL disabled, the URL format is the following:

http://hostname:9000/index.html

When you enable or disable SSL, Security Reporting Center automatically updates any local Windows shortcuts pointing to the old URL.

This article was previously published as:
NETIQKB38143

Last Modified 6/25/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle10359.aspx