
Switching from HTTP -> HTTPS, Things to consider

Dear Experts,

OMi Version: 10.71

We have been running OMi with HTTP for more than 2 years and now we have decided to move to HTTPS. I tested it on a test OMi; after setting up TLS, OMi came online without any issue and the UI is also available.

Now I plan to perform this in the Production setup and I am wondering: are there things to consider?

Thanks in advance for your input.

-KAKA-

Micro Focus Expert

Hi Kaka,

Things that come to my mind are that the startup is expected to be a bit slower, and you should consider the integrations that you have/may have with other Micro Focus products. Most of them will not support a mixture of HTTP and HTTPS, thus you will probably need to set them on TLS as well.

Regards,

Rosen

Micro Focus Software Support
The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of Micro Focus.
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution.
Fleet Admiral

Hi Rosen,

Thanks for your response. Is this documented anywhere? I could not find any related statement.

-KAKA-

Micro Focus Expert

Hi Kaka,

If you mean about the integrations, the integration guide mentions:

TLS Setup

Unless integrating OBM and SiS (where a mixed TLS setup is supported), ensure that the software products that you are integrating use the same TLS setup. For example, it is not supported to use HTTP for OO and at the same time HTTPS for OBM, or vice versa.

https://docs.microfocus.com/OMi/2018.11/OBM_Integrations_Guide/Content/Integrations.htm

Regards,

Rosen

Admiral

Hello @KAKA_2,

Just a personal suggestion. For one of my clients who asked for an HTTPS application, we got a VIP configured on 443.

So we got a VIP that runs on HTTPS (443) and it matches the incoming data on the VIP (port 443) to the GW server(s) (port 80). This way you can allow OMi users to log in via an HTTPS URL - https://VIPNAME:443/topaz - and your application GW URLs will be on HTTP.

It's better to avoid any changes on your prod app, as far as you can 😄

Regards,
Sahil Gupta

Fleet Admiral

@Rosen_K - Thanks for pointing to the document.

@SahilGupta We do have a load balancer. So if I understand correctly, you mean to configure the load balancer to work with port 443 and leave the gateway running on HTTP?

-KAKA-

Admiral

Hello @KAKA_2,

Exactly yes, you got it right.

In our environment, we got the VIP load-balanced (receiving traffic on 443) with 3 GW servers behind it (running on 80).

I have attached a sample architecture diagram for better understanding.

Also, you can see this URL for Load Balancer configuration.

Regards,
Sahil Gupta

Fleet Admiral

This topic is back.

@Rosen_K - do you know: if we have OMi configured with HTTP and LDAP-S, will credential details be sent in clear text over the network?

-KAKA-

Micro Focus Expert

Hello KAKA,

Never tested this, but a colleague of mine said that the credentials are sent in clear text. He has checked it while working with one of the customers.

You can check the same in the developer tools of the browser while entering credentials on the login page.

Regards,

Rosen

Fleet Admiral

@Rosen_K - Thanks for your message. I checked and, using Wireshark, I was able to see the password in cleartext.

@SahilGupta - did you ever check this on your customer setup with the load balancer?

-KAKA-

Admiral
Nope... Didn't check about credentials encryption. And unluckily I have moved out of MF Solutions now.
Regards,
Sahil Gupta
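
The layout discussed in this thread (VIP on 443, gateways on 80) and the Wireshark observation above can be turned into a repeatable check. The following is an added example, not part of any post in the thread or of OMi itself: it audits a request captured on a plain-HTTP hop for readable credentials and reports them with the values withheld. The form field names, the `/topaz/login-example` path, the host name, and the assumption that the load balancer sets `X-Forwarded-Proto` are constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl

# Field-name fragments treated as credentials (assumption, not OMi's real form fields).
SECRET_HINTS = ("pass", "pwd", "secret", "token")

def audit_cleartext_request(raw: bytes) -> list[str]:
    """Return findings for credentials visible in a request captured on a plain-HTTP hop."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    # Form logins: a password-like field in a urlencoded body is readable on the wire.
    if headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
            if value and any(h in key.lower() for h in SECRET_HINTS):
                findings.append(f"form field '{key}' in cleartext ({len(value)} chars)")
    # HTTP Basic auth is only base64-encoded, not encrypted.
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and blob:
        try:
            user, sep, _pw = base64.b64decode(blob, validate=True).decode("latin-1").partition(":")
            if sep:
                findings.append(f"basic-auth password for user '{user}' in cleartext")
        except ValueError:
            pass  # not valid base64, nothing to report
    # The VIP terminated TLS, so the browser saw HTTPS, but this hop was still plain HTTP.
    if findings and headers.get("x-forwarded-proto", "").lower() == "https":
        findings.append("TLS ended at the load balancer; VIP-to-gateway hop is unencrypted")
    return findings

# Constructed sample: what a capture between the VIP (443) and a gateway (80) could contain.
SAMPLE_BACKEND_HOP = (
    b"POST /topaz/login-example HTTP/1.1\r\n"
    b"Host: gw1.example.internal\r\n"
    b"X-Forwarded-Proto: https\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"username=kaka&password=Example%21Pass1"
)

if __name__ == "__main__":
    for finding in audit_cleartext_request(SAMPLE_BACKEND_HOP):
        print(finding)
```

LDAP-S only protects the connection from OMi to the directory server, so it does not change what this check finds on the HTTP hops.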