View Source

h4. Tech Tip 1 (01/2016) - Installing HTTPS on Windows GDMA clients

The Windows GDMA client can support encrypted communications over https. This tip explains how to make this work.

Since Windows can be particular about certificates and formats, we do not recommend copying the certificate files from the GroundWork Monitor server to the GDMA client. Instead, follow the steps below. Note you must use an account with Administrator access to the Windows server. These instructions assume that the Target server in the GDMA configuration has been set appropriately to use {html}https://{html} instead of the standard {html}http://{html}
# On the Windows server, launch an IE browser session.
# To test that you can make a connection to the GroundWork Monitor server on port 443 and also allow you to work through any certificate issues (if found), enter the following in the address bar:
{noformat}https://<insert GW monitor server name>/gdma/{noformat}
# Once the certificate path is validated, begin to export each of the certificates in the chain as follows:
## Right click anywhere within the page window and select *Properties*, then click *Certificates*.
## Click the *Certificate Path* tab to see how many certs are in the path. Each one will have to be saved to a file.
## Starting with the last cert in the list, click the *Details* tab.
## Click *Copy to File*.
## At the *Welcome to the Certificate Export Wizard*, click *Next*.
## Select *Base-64 encoded X.509 (.CER)* for the format, *Next*.
## Give the file a name (generally best to use the same name as the certificate) and a place to save the file. The file will be saved with a *.cer* extension.
## Proceed through steps a-g above for each certificate in the chain.
# Once all certificates have been saved, verify them by opening with *wordpad.exe*:
## Open WordPad by clicking *Start* and then typing *wordpad.exe* in the search prompt.
## Open each of the files and ensure that the first line says *\-*{*}-\--{*}*\- BEGIN CERTIFICATE* \---. You will need to change the *File Extensions* box to *All Documents* to show the *.cer* files.
# Once the certificate files have been verified, rename the file extension to {color:#000000}*.pem{*}{color}. This is important because *c_rehash* only looks for *.pem* files.
# Copy the files to one of the directories listed here:
{noformat}C:\Program Files\groundwork\gdma\certs{noformat}
{noformat}C:\Program Files (x86)\groundwork\gdma\certs{noformat}
# Open a command window and change to one of the directories listed here:
{noformat}C:\Program Files\groundwork\gdma\certs{noformat}
{noformat}C:\Program Files (x86)\groundwork\gdma\certs{noformat}
# Run *c_rehash* for the certificates for one of the directories listed below. If successful proceed, if not fix the issues found.
{noformat}C:\Program Files\groundwork\common\bin\c_rehash{noformat}
{noformat}C:\Program Files (x86)\groundwork\common\bin\c_rehash{noformat}
# Stop the gdma service and restart from command window:
{noformat}net stop gdma{noformat}
{noformat}net start gdma{noformat}
# Verify the GDMA is now reporting into the GroundWork Monitor server. If so, create a zip file with the certificates and then distribute them to all other Windows servers running GDMA.
## For each Windows server, delete any existing certificate files in *gdma\certs*.
## Copy the zip and extract the *.pem* certificate files to the *gdma\certs* directory.
## Run the following command:
{noformat}groundwork\common\bin\c_rehash run{noformat}
## Issue the following commands:
{noformat}net stop gdma{noformat}
{noformat}net start gdma{noformat}