Captain
Captain
1280 views

Network automation disable https access

Jump to solution

Hi all,

I would like to disable the Https access to Network Automation and let the only Http access.

Is there a simple way to do it ?

I found that in a server.xml file there was some access configuration (as below) but I don't really know if this is a good idea to modify this file.

 

Thanks in advance.

Best Regards.

Fabrice

      <Connector port="80" address="${jboss.bind.address}" protocol="HTTP/1.1"
         maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
         emptySessionPath="true"
         maxPostSize="262144000"         
         enableLookups="false" redirectPort="443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true"
         compression="on"
         compressionMinSize="2048"
         compressableMimeType="text/html,text/xml,text/css,text/javascript"
         useBodyEncodingForURI="true"/>         

      <!-- Add this option to the connector to avoid problems with
          .NET clients that don't implement HTTP/1.1 correctly
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
      -->

      
                <Connector port="443" address="${jboss.bind.address}" protocol="HTTP/1.1"
           minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${jboss.server.home.dir}/conf/truecontrol.keystore" keystorePass="sentinel"
           truststoreFile="${jboss.server.home.dir}/conf/truecontrol.truststore" truststorePass="sentinel"
           clientAuth="want" sslProtocol="TLS"
           useBodyEncodingForURI="true"
           compression="on" compressionMinSize="2048" compressableMimeType="text/html,text/xml,text/css,text/javascript"
           server= " "
           ciphers="TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_D
HE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SH
A"/>

0 Likes
1 Solution

Accepted Solutions
Fleet Admiral
Fleet Admiral

Hi @onaam,

no need to change that file,

  • the change is with this property:

<option name="administration/use_https_only">false</option>

 

  • add that to the adjustable_options.rcx file.
  • then a restart of NA is needed.

 

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.

View solution in original post

Tags (1)
7 Replies
Fleet Admiral
Fleet Admiral

Hi @onaam,

no need to change that file,

  • the change is with this property:

<option name="administration/use_https_only">false</option>

 

  • add that to the adjustable_options.rcx file.
  • then a restart of NA is needed.

 

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.

View solution in original post

Tags (1)
Captain
Captain

Hello Pedro,

 

many thanks, it works fine.

0 Likes
Captain
Captain

Hello,

I just found a problem with this solution ... I can't navigate. Every action sends me back to the login.

Did I miss something ?

 

Thanks in advance.

 

0 Likes
Fleet Admiral
Fleet Admiral

Hi @onaam,

I just investigate further and it seems that starting 10.20 this was forced to be HTTPS always.

btw I had the same outcome on my environment with 10.30.

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.
0 Likes
Captain
Captain

Hi Pedro,

thanks for your answer.

My problem is that the NA access is hiden by a proxy.  The NA self signed certificate display is a problem  when users access to the product.

First I wanted to change to HTTP access in order to prevent this display (and because the proxy access is already with https), but now I think I'll have to export this certificate to declare it on the proxy.

Does anyone knows how to do this ?

 

thanks in advance.

 

0 Likes
Fleet Admiral
Fleet Admiral

 

@onaam,

 

NA certificate is over here:

/opt/NA/server/ext/jboss/server/default/conf/truecontrol.keystore

to export NA certificate:

/opt/NA/jre/bin/keytool -export -alias sentinel -file /tmp/na.cer -keystore /opt/NA/server/ext/jboss/server/default/conf/truecontrol.keystore -storepass sentinel

 the na.cer file can be exported to the proxy application to allow NA cert.

 

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.
0 Likes
Lieutenant Commander
Lieutenant Commander

Hi, 

Is there any way to disable https in NA 10.40.

Thanks, 

Gaurav

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.