Accessing SiteScope via HTTPS

You can set up the SiteScope Web server to use an SSL connection with access via the https protocol. The steps you need to take to do this are described here.

Important: The process for creating, requesting, and installing a digital certificate requires close attention to detail. Be sure to make a note of the parameters and command line arguments that you use in each step of the process, as it is very important that you use the same values throughout the procedure.

SiteScope is shipped with Keytool.exe. Keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for authentication using digital signatures. It also allows users to cache the public keys of the parties they communicate with. It is installed in the <SiteScope install path>/SiteScope/java/bin directory. You can find out more about keytool at the Sun Microsystems site: http://java.sun.com/products/jdk/1.2/docs/tooldocs/win32/keytool.html

You need to have a digital certificate that can be imported into the key storage file used by Keytool. If your organization does not currently have a digital certificate for this purpose, you will need to make a request to a Certificate Authority to issue you a certificate.

Creating a Key Storage File

To create the key storage data file needed for a certificate, you first need to create a key pair. To do this, run the following command from the <SiteScope install path>/SiteScope/java/bin directory. (Note: this needs to be entered on a single line. It is displayed here on multiple lines to ease presentation.)

    keytool -genkey
      -dname "CN=www.yourDomain.com, OU=yourDepartment, O=yourCompanyName, L=yourLocation, S=yourState, C=yourCountryCode"
      -alias yourAlias -keypass keypass
      -keystore ..\..\groups\serverKeystore -storepass passphrase
      -keyalg "RSA" -validity valdays

The subcomponents of the -dname value are:

    CN = commonName - common name of a person, for example, "Warren Pease"
    OU = organizationUnit - small organizational unit, for example, "NetAdmin"
    O = organizationName - large organization name, for example, "ACMe-Systems, Inc."
    L = localityName - locality (city) name, for example, "Palo Alto"
    S = stateName - state or province name, for example, "California"
    C = country - two-letter country code, for example, "US"

The subcomponents within the -dname (distinguished name string) variable are case-insensitive, but they are order-sensitive, although you do not have to include all of the subcomponents. The -dname variable should represent your company, and the CN is the domain name of the Web server SiteScope is installed on.

The value of -storepass passphrase is a password used to protect the key store file. This password must be at least 6 characters long. You will need to use this password to import certificate data to and remove it from the key store.

The -alias variable is an alias or nickname you use to identify an entry in your keystore.

This command will create a file called serverKeystore (MAKE SURE YOU KEEP A BACK UP COPY OF THIS FILE SOMEWHERE ELSE). SiteScope will use this key store file to store the certificates used in your secure sessions.

Creating a Certificate Request File

Next you need to create a certificate request file. To do this, run the following command from the same directory as above:

    keytool -certreq -alias yourAlias -file ..\..\groups\filename.csr -keypass keypass -keystore ..\..\groups\serverKeystore -storepass passphrase -keyalg "RSA"

This will generate a filename.csr to be used as a request file.
You need to send this file to a Certificate Authority (CA) along with your request for a certificate.

Importing the Certificate

After you receive your certificate from a Certificate Authority (the reply should include a file called cert.cer), you need to import this certificate into the KeyStore file you created with the procedure above. The file should be called serverKeystore. To import the certificate data into the KeyStore file, run the following command from the same directory as above:

    keytool -import -trustcacerts -alias yourAlias -file cert.cer -keystore ../../groups/serverKeystore

Setting up SiteScope to Use HTTPS

After you do this, you need to make some parameter changes to instruct SiteScope to run a secured connection. To do this, add or modify the following parameter in the master.config file:

    _httpSecurePort=8899

The number you use for the _httpSecurePort parameter can be set to any available port number. We recommend that you use a port number other than 8888, which is the default port for accessing SiteScope using http (unsecured). To use https exclusively, you need to clear the setting _httpPort and set the _httpSecurePort to 8899.

You also need to add or modify the following parameters:

    _httpSSLKeystorePassword=passphrase
    _httpSSLKeyPassword=keypass

All the parameters in the master.config file are case and syntax sensitive. Be sure not to add any extra spaces or lines to the file.

Save the changes to the master.config file. You will then need to stop and restart the SiteScope service for the changes to become effective.

Then you should be able to access SiteScope using http at:

    http://server_IP_address:8888 (for example, for access from inside the firewall)

and using https at the following, based on the example above:

    https://server_IP_address:8899 (for example, for secure access from outside the firewall)
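
The following added example, which is not part of the original SiteScope documentation, checks the four master.config parameters named above for the mistakes this section warns about: wrong case, extra spaces, a secure port equal to the http port, and a keystore password under 6 characters. The function name check_https_settings and the sample inputs are constructed for illustration, and the code assumes one name=value pair per line, as the parameters are shown above.

```python
# Added example: lint the HTTPS parameters this page puts in master.config.
# Assumption: one name=value pair per line, as the page shows them.

HTTPS_KEYS = ("_httpPort", "_httpSecurePort",
              "_httpSSLKeystorePassword", "_httpSSLKeyPassword")
_BY_LOWER = {k.lower(): k for k in HTTPS_KEYS}


def check_https_settings(text):
    """Return a list of problems in master.config text; empty means OK."""
    problems, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        name, sep, value = raw.partition("=")
        canon = _BY_LOWER.get(name.strip().lower())
        if not sep or canon is None:
            continue  # not one of the four parameters checked here
        if name != canon:  # wrong case or stray spaces in the name
            problems.append(f"line {n}: write the name exactly as {canon}")
        if value != value.strip():
            problems.append(f"line {n}: extra spaces around the value of {canon}")
        if canon in seen:
            problems.append(f"line {n}: {canon} is set more than once")
        seen[canon] = value.strip()

    port = seen.get("_httpSecurePort", "")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append("_httpSecurePort is missing or not a valid port number")
    elif port in ("8888", seen.get("_httpPort")):
        problems.append("_httpSecurePort should differ from the http port")
    store_pw = seen.get("_httpSSLKeystorePassword", "")
    if len(store_pw) < 6:  # the page requires at least 6 characters
        problems.append("_httpSSLKeystorePassword is missing or under 6 characters")
    if not seen.get("_httpSSLKeyPassword"):
        problems.append("_httpSSLKeyPassword is missing or empty")
    return problems


# Constructed sample inputs (not taken from a real installation).
GOOD = ("_httpPort=8888\n_httpSecurePort=8899\n"
        "_httpSSLKeystorePassword=passphrase\n_httpSSLKeyPassword=keypass\n")
BAD = ("_httpPort=8888\n_HttpSecurePort = 8888\n"
       "_httpSSLKeystorePassword=abc\n")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_https_settings(cfg) or "ok")
```

The messages name only the parameter and line number, never the password values, so the output can be shared without exposing the keystore secrets.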