Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

New MSI SSL Install

Tip
titleTip

New install options from version 8.2

When enabling SSL encryption, for the Web interface. You must ensure, that the certificate are trusted by the clients connecting. If you use Service now integration. This must be a Public trusted Certificate authority.

You'll need a file that contains your server certificate, any intermediate certificates and the private key. Often, the private key isn't part of the file delivered by your certificate authority. Instead, you may receive a file in the PKCS#7/P7B format. You must then yourself export the private key and certificates into a keystore in a format like PKCS#12/PFX, PEM or DER.

The following is an example of importing a PKCS12 keystore into PerformanceGuard. The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows computers to import and export certificates and private keys. PFX files are password-protected, and you need the password to install the certificate file.


During installation Check the "Use SSL". When this is done, Display ports are changed to use default SSL ports. For Primary display Port, and 8443 for secondary display port.

Image Added

Browse to choose your Certificate, and enter Password.

Manual Settings for SSL Configuration

Configuration settings is stored, in a configuration file. Located in the root of your Performanceguard server installation.

  • Configuration File : "Installation Path"\Settings.ini

Settings to look for:

  • MERLINPORT : Primary Display Port number. (Default 443)
  • PGUARDPORT : Secondary Display Port number. (Default 8443)
  • SSL_KEY_STORE_PATH : Full path to your Certificate.
  • SSL_KEY_STORE_PASSWORD : Encrypted password, for your certificate. (Can not be empty)
  • PGUARDSECURE : true/false (Default true)

Change Launch conditions for display2:

  1. Stop Display services (pgdisplay and pgdisplay2)
  2. Launch "Installation Path"\display2\pgdisplay2w.exe
  3. Goto Startup
  4. Change Argument display2.yml to display2-ssl.yml
  5. Apply and start Display services (pgdisplay and pgdisplay2)

Image Added

Previous Versions of installer

Tip

New install option from version 7.6

If you configure the PerformanceGuard web interface to use HTTPS connections, the web interface is by default installed with a self-signed server certificate. Communication between web browsers and the web interface will be encrypted with SSL, but browsers will complain that the certificate isn't trusted. To resolve this security issue, you must install your own server certificate that's signed by a trusted authority (such as VeriSign or Symantec).

You'll need a file that contains your server certificate, any intermediate certificates and the private key. Often, the private key isn't part of the file delivered by your certificate authority. Instead, you may receive a file in the PKCS#7/P7B format. You must then yourself export the private key and certificates into a keystore in a format like PKCS#12/PFX, PEM or DER.

The following is an example of importing a PKCS12 keystore into PerformanceGuard. The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows computers to import and export certificates and private keys. PFX files are password-protected, and you need the password to install the certificate file.


During installation check the Use SSL checkbox.

Image Modified

  • Primary Web Server Port: Change Value to a port of your choosing e.g. 443 

  • Secondary Web Server Port: Change Value to a port of your choosing e.g. 8443 
  • Use SSL: Check the box
  • Certificate File Path: Select the path to the certificate file on local machine
  • Certificate Password: Password of the certificate file
Note
iconfalse

It is recommended to use proper signed certificates and only access PG using the fully qualified domain name e.g. https://performanceguard.capasystems.com not https://performanceguard or https://127.0.0.1.


Manual SSL Server Certificate for HTTPS Install

Warning

This is deprecated from version 7.6 See New SSL Install

If you configure the PerformanceGuard web interface to use HTTPS connections, the web interface is by default installed with a self-signed server certificate. Communication between web servers and the web interface will be encrypted with SSL, but browsers will complain that the certificate isn't trusted. To resolve this security issue, you must install your own server certificate that's signed by a trusted authority (such as VeriSign or Symantec).

You'll need a file that contains your server certificate, any intermediate certificates and the private key. Often, the private key isn't part of the file delivered by your certificate authority. Instead, you may receive a file in the PKCS#7/P7B format. You must then yourself export the private key and certificates into a keystore in a format like PKCS#12/PFX, PEM or DER.

The following is an example of importing a PKCS12 keystore into PerformanceGuard. The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows computers to import and export certificates and private keys. PFX files are password-protected, and you need the password to install the certificate file.

  1. Add the my_certificate.pfx to display folder of \[PerformanceGuard installation folder]\display:
  2. Edit \[PerformanceGuard installation folder]\display\conf\performanceguard.xml and change the values of the following parameters:
    • port: Change Value to a port of your choosing e.g. 8443 

      Note
      iconfalse

      You must not use 443 as this is reserved for Display2.


    • secure: Change value to true
    • keyStorePath: Configure path to keyStorePath i.e. <Parameter name="keyStorePath" override="false" value="mykeystore.p12"/>
    • keyStorePassword: Add password to keyStorePassword i.e. <Parameter name="keyStorePassword" override="false" value="$m3llycat"/>
  3. Add a keystore mykeystore.p12 to display2 folder of \[PerformanceGuard installation folder]\display2.
  4. Open \PerformanceGuard installation folder\display2\display2.yml and overwrite the # Server Settings section with the following:

    Code Block
    languagepowershell
    themeEmacs
    # Server Settings
    server: 
    	rootPath: '/api/*' 
    	applicationContextPath: / 
    	applicationConnectors: 
    	- type: https    
    		port: 443    
    		maxRequestHeaderSize: 64KiB    
    		maxResponseHeaderSize: 64KiB    
    		keyStorePath: 'mykeystore.p12'    
    		keyStorePassword: '$m3llycat'    
    		validateCerts: false

    Then move down to the # Old Display Settings section and change the value of the following parameter:

    • hostPort: Change to the port that you set in step 2 (e.g. 8443)
    • hostSecure: Change value to true


    Code Block
    languagepowershell
    themeEmacs
    # Old Display Settings
    classic:  
    	hostPort: '8443'  
    	hostSecure: 'true'


    Note
    iconfalse

    It is not supported nor it is recommended to run one display service as http and the other as https as it will create issues with the browsers because of the mixed content.


    Tip
    iconfalse

    Please ensure to keep the syntax of .XML and .YML correct and valid. We recommend to use a text editor such as Microsoft Visual Studio Code that notifies the user if the syntax is incorrect.


  5. Open \PerformanceGuard installation folder\notification\conf\config.properties and change the following parameters:

    Code Block
    languagepowershell
    themeEmacs
    displaySsl=true 
    displayPort=8443 (or which ever port you have used above)


  6. Save the files that you have edited and then restart the PerformanceGuard Web Server and PerformanceGuard Web Server 2 services.


Note
iconfalse

It is recommended to use proper signed certificates and only access PG using the fully qualified domain name e.g. https://performanceguard.capasystems.com not https://performanceguard or https://127.0.0.1.



Panel

Search this documentation

Live Search
spaceKeyPD

On this page

Table of Contents

In this section

Child pages (Children Display)