The rhapsody.properties file contains a number of options that can be configured to customize the certificate used for HTTPS.
Property Name |
Description |
Default Value |
|---|---|---|
|
The name of the keystore file that contains the private key that should be used. This can either be an absolute path, or a path relative to the |
|
|
Whether HTTP is enabled. Standard HTTP is not secure and therefore should not be used in most cases. It is subject to various forms of attacks, including but not limited to eavesdropping, man-in-the-middle and replay attacks, which will compromise the security of the connection. Therefore, it is recommended that you access the Management Console solely using HTTPS, and you do not enable standard HTTP. |
|
|
The HTTP port that the Rhapsody service is hosted on. |
|
|
Whether HTTPS is enabled. |
|
|
The HTTPS port that the Rhapsody service is hosted on. |
|
|
The password for the keystore containing the private key that should be used. |
|
|
The password for the key within the keystore that should be used. |
|
|
The protocol to use: SSL or TLS, or specific versions thereof. |
|
|
The type of keystore that is being used. These are described in more detail in the documentation for the Java keytool application, but the main ones that are relevant here are JKS (the Java keystore type) and PKCS12 (a |
|
|
This can be set to a whitespace or comma separated list of the SSL protocols that should be enabled for the Management Console. Valid SSL protocols include SSLv2Hello (not available on AIX), TLSv1, TLSv1.1, and TLSv1.2. | If this property is not set, it defaults to just enabling the TLSv1 protocol. |
|
This can be set to a whitespace or comma separated list of the SSL cipher suites that should be enabled for the Management Console. | This defaults to enabling the AES-128, AES-256 and TripleDES-168 cipher suites. A full list of the default enabled cipher suites can be seen in the default rhapsody.properties file. |
For example, to use a custom private key, place it in the <RhapsodyInstallDirectory>\Rhapsody directory, then add or replace the following lines in the rhapsody.properties file:
WebMonitoringService.ssl.keystore=<Filename>.pfx WebMonitoringService.ssl.password=<password> WebMonitoringService.ssl.keypassword=<password> WebMonitoringService.ssl.keystoretype=PKCS12
In addition to providing the ability to using a PFX file directly, Rhapsody enables you to import the PFX files into a Java keystore using the Java Key and Certificate Management Tool (keytool) application. Unlike PFX files which only contain a single private key (meaning the store password and key password are the same), Java keystore files can hold multiple key types
Related Topics