This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
onaam
Captain
Captain
‎2017-11-17 16:02
1272 views

Network automation disable https access

Jump to solution

Hi all,

I would like to disable the Https access to Network Automation and let the only Http access.

Is there a simple way to do it ?

I found that in a server.xml file there was some access configuration (as below) but I don't really know if this is a good idea to modify this file.

 

Thanks in advance.

Best Regards.

Fabrice

      <Connector port="80" address="${jboss.bind.address}" protocol="HTTP/1.1"
         maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
         emptySessionPath="true"
         maxPostSize="262144000"         
         enableLookups="false" redirectPort="443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true"
         compression="on"
         compressionMinSize="2048"
         compressableMimeType="text/html,text/xml,text/css,text/javascript"
         useBodyEncodingForURI="true"/>         

      <!-- Add this option to the connector to avoid problems with
          .NET clients that don't implement HTTP/1.1 correctly
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
      -->

      
                <Connector port="443" address="${jboss.bind.address}" protocol="HTTP/1.1"
           minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${jboss.server.home.dir}/conf/truecontrol.keystore" keystorePass="sentinel"
           truststoreFile="${jboss.server.home.dir}/conf/truecontrol.truststore" truststorePass="sentinel"
           clientAuth="want" sslProtocol="TLS"
           useBodyEncodingForURI="true"
           compression="on" compressionMinSize="2048" compressableMimeType="text/html,text/xml,text/css,text/javascript"
           server= " "
           ciphers="TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_D
HE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SH
A"/>

0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
Pedro_B_NA
Fleet Admiral
Fleet Admiral
‎2017-11-17 22:04

Jump to solution

Hi @onaam,

no need to change that file,

  • the change is with this property:

<option name="administration/use_https_only">false</option>

 

  • add that to the adjustable_options.rcx file.
  • then a restart of NA is needed.

 

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.

View solution in original post

Tags (1)
Reply
Report Inappropriate Content
7 Replies
Pedro_B_NA
Fleet Admiral
Fleet Admiral
‎2017-11-17 22:04

Jump to solution

Hi @onaam,

no need to change that file,

  • the change is with this property:

<option name="administration/use_https_only">false</option>

 

  • add that to the adjustable_options.rcx file.
  • then a restart of NA is needed.

 

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.

View solution in original post

Tags (1)
Reply
Report Inappropriate Content
onaam
Captain
Captain
‎2017-11-20 08:25

Jump to solution

Hello Pedro,

 

many thanks, it works fine.

0 Likes
Reply
Report Inappropriate Content
onaam
Captain
Captain
‎2017-11-20 16:39

Jump to solution

Hello,

I just found a problem with this solution ... I can't navigate. Every action sends me back to the login.

Did I miss something ?

 

Thanks in advance.

 

0 Likes
Reply
Report Inappropriate Content
Pedro_B_NA
Fleet Admiral
Fleet Admiral
‎2017-11-20 20:13

Jump to solution

Hi @onaam,

I just investigate further and it seems that starting 10.20 this was forced to be HTTPS always.

btw I had the same outcome on my environment with 10.30.

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.
0 Likes
Reply
Report Inappropriate Content
onaam
Captain
Captain
‎2017-11-21 08:33

Jump to solution

Hi Pedro,

thanks for your answer.

My problem is that the NA access is hiden by a proxy.  The NA self signed certificate display is a problem  when users access to the product.

First I wanted to change to HTTP access in order to prevent this display (and because the proxy access is already with https), but now I think I'll have to export this certificate to declare it on the proxy.

Does anyone knows how to do this ?

 

thanks in advance.

 

0 Likes
Reply
Report Inappropriate Content
Pedro_B_NA
Fleet Admiral
Fleet Admiral
‎2017-11-21 15:17

Jump to solution

 

@onaam,

 

NA certificate is over here:

/opt/NA/server/ext/jboss/server/default/conf/truecontrol.keystore

to export NA certificate:

/opt/NA/jre/bin/keytool -export -alias sentinel -file /tmp/na.cer -keystore /opt/NA/server/ext/jboss/server/default/conf/truecontrol.keystore -storepass sentinel

 the na.cer file can be exported to the proxy application to allow NA cert.

 

Pedro A. Batista
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the THUMB at the bottom left of the post and show your appreciation.
0 Likes
Reply
Report Inappropriate Content
gaurav sharma
Lieutenant Commander
Lieutenant Commander
‎2018-12-17 04:29

Jump to solution

Hi, 

Is there any way to disable https in NA 10.40.

Thanks, 

Gaurav

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.