How to enable SSL in NetFlow Analyzer Professional Edition

Following are the steps to enable SSL on NetFlow Analyzer:

Step 1:-

If you do not already have a valid certificate, please generate an SSL certificate using the steps below.

Navigate to the <NetFlow_Home>\jre\bin directory and type:

keytool -genkey -alias myalias -keyalg RSA -validity 365 -keystore server.keystore

keytool then prompts for the certificate details as follows. Answer the prompts with your own details.

Example:-

C:\AdventNet\ME\NetFlow\jre\bin>keytool -genkey -alias myalias -keyalg RSA -validity 365 -keystore server.keystore

Enter keystore password: password

What is your first and last name?

[Unknown]: NetFlow-Test5 (Enter the name of NetFlow Analyzer server)

What is the name of your organizational unit?

[Unknown]: NFA

What is the name of your organization?

[Unknown]: Zoho Corporation

What is the name of your City or Locality?

[Unknown]: California

What is the name of your State or Province?

[Unknown]: CA

What is the two-letter country code for this unit?

[Unknown]: US

Is CN=NetFlow-Test5, OU=NFA, O=Zoho Corporation, L=California, ST=CA, C=US correct?
[no]: Y

Enter key password for <myalias>
(RETURN if same as keystore password): password

C:\AdventNet\ME\NetFlow\jre\bin>

This will create the certificate named server.keystore under the <NetFlow_Home>\jre\bin directory.

Please move this file to the <NetFlow_Home>\server\default\conf directory.

Note: The above steps for generating server.keystore are an example. The result is not the exact
server.keystore generated by NetFlow Analyzer Java. We suggest generating your own certificate,
renaming it to server.keystore, and then saving it in the specified locations.

Step 2:-

Navigate to the <NetFlow_Home>\server\default\conf directory and open sample-bindings.xml
in any editor.

Search for the following lines:

<!-- Tomcat server port-->
<service-config delegateClass="org.jboss.services.binding.XSLTFileDelegate"
name="jboss.web:service=WebServer">
<delegate-config>
<xslt-config configName="ConfigFile"><![CDATA[
<xsl:stylesheet
xmlns:xsl='http://www.w3.org/1999/XSL/Transform' version='1.0'>
<xsl:output method="xml" />
<xsl:param name="port"/>
<xsl:variable name="portAJP" select="$port - 71"/>
<xsl:variable name="portHttps" select="$port + 363"/>
<xsl:template match="/">
<xsl:apply-templates/>
</xsl:template>

Here, change the line

<xsl:variable name="portHttps" select="$port + 363"/>
to
<xsl:variable name="portHttps" select="8443"/>


Search for the following lines in the same file:

<xsl:template match="*|@*">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
]]>
</xslt-config>
</delegate-config>
<binding port="8080"/>
</service-config>

Here, change the line

<binding port="8080"/>
to
<binding port="8443"/>


Step 3:-


Navigate to <NetFlow_Home>\server\default\deploy\jbossweb-tomcat50.sar and open the file
server.xml in any editor:

Uncomment the lines:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
-->
by removing the --> at the end and placing it at the end of the line "<!-- SSL/TLS Connector configuration
using the admin devl guide keystore".

Also, rename chap8.keystore to server.keystore and replace
"rmi+ssl" with the password used when creating the certificate.

So the modified lines will look as:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="password" sslProtocol = "TLS" />

Now comment out the lines

<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" URIEncoding="UTF-8" useBodyEncodingURI="true" address="${jboss.bind.address}"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>

by moving the --> from the end of the first line to the end of the Connector element.

The modified lines will look as:

<!-- A HTTP/1.1 Connector on port 8080
<Connector port="8080" URIEncoding="UTF-8" useBodyEncodingURI="true" address="${jboss.bind.address}"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>
-->

Once the above 3 steps are performed, you can start the product and connect to the web client using https://<Server_Name or IP Address>:8443.


Thanks
Praveen Kumar
NetFlow Analyzer Technical Team
+1 925 965 9435
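
A check for the server.xml edits in Step 3, as an added example that is not part of the original article or the product's own code: it parses server.xml and reports when the HTTPS connector is still commented out, when the plain HTTP connector is still active, or when the keystore file and password are still the values shown on this page. The names audit_server_xml and sample, and the minimal Server/Service wrapper around the connector lines, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values this page shows as shipped defaults or as examples.
DEFAULT_KEYSTORE = "chap8.keystore"
EXAMPLE_PASSWORDS = {"rmi+ssl", "password"}

def audit_server_xml(xml_text, https_port="8443"):
    """Return findings for the active <Connector> elements in server.xml."""
    root = ET.fromstring(xml_text)  # the parser skips commented-out connectors
    connectors = list(root.iter("Connector"))
    findings = []
    if not any(c.get("scheme") == "https" and c.get("port") == https_port
               for c in connectors):
        findings.append(f"no active https connector on port {https_port}")
    for c in connectors:
        port = c.get("port", "?")
        if c.get("scheme") == "https":
            if c.get("secure") != "true":
                findings.append(f"port {port}: https connector lacks secure=true")
            if c.get("keystoreFile", "").endswith(DEFAULT_KEYSTORE):
                findings.append(f"port {port}: keystoreFile is still {DEFAULT_KEYSTORE}")
            if c.get("keystorePass") in EXAMPLE_PASSWORDS:
                findings.append(f"port {port}: keystorePass is a documented example value")
        elif not c.get("protocol", "HTTP/1.1").startswith("AJP"):
            # No scheme="https" and not AJP: a cleartext HTTP listener.
            findings.append(f"port {port}: plain HTTP connector is still active")
    return findings

# Constructed samples: the page's connector lines (shortened) in a minimal wrapper.
WRAP = "<Server><Service name='jboss.web'>{}</Service></Server>"
HTTP = ('<Connector port="8080" address="${jboss.bind.address}" '
        'redirectPort="8443" connectionTimeout="20000"/>')
TLS = ('<Connector port="8443" address="${jboss.bind.address}" scheme="https" '
       'secure="true" clientAuth="false" sslProtocol="TLS" '
       'keystoreFile="${jboss.server.home.dir}/conf/@KS@" keystorePass="@PW@"/>')

def sample(tls_active, http_active, keystore, password):
    """Build a constructed server.xml with each connector live or commented out."""
    tls = TLS.replace("@KS@", keystore).replace("@PW@", password)
    parts = [tls if tls_active else f"<!-- {tls} -->",
             HTTP if http_active else f"<!-- {HTTP} -->"]
    return WRAP.format("".join(parts))

if __name__ == "__main__":
    shipped = sample(False, True, "chap8.keystore", "rmi+ssl")
    for finding in audit_server_xml(shipped):
        print(finding)
```

To check a real installation, pass the contents of server.xml to audit_server_xml; an empty list means the connectors match the end state of Step 3 with a non-example password.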

