Overview
If you are moving towards using HTTPS instead of HTTP while accessing the MGR GUI, you should enable HTTPS and disable HTTP. By default, HTTPS is already configured with a certificate (not CA), and a minor change is required.
This article provides step-by-step instructions on how to use HTTPS to access the MGR GUI without Certificate Authority (CA). This can be achieved by checking if there is a certificate already configured for MGR and then proceed to enable HTTPS and disable HTTP.
Process
Step 1: Checking If There Is a Certificate Already Configured for MGR
- Check if both the .key and .crt files exist. As a TextPass user, run the following command:
$ ls -ltrh /var/TextPass/MGR/conf/ssl
Output:
total 8.0K
-rw-r--r-- 1 textpass textpass 887 Jul 15 13:52 server.key
-rw-r--r-- 1 textpass textpass 782 Jul 15 13:52 server.crt - Check in the MGR.conf file if HTTPS is already configured to work:
-
$ grep SSLCertificate /var/TextPass/MGR/conf/MGR.conf
Output:SSLCertificateFile /var/TextPass/MGR/conf/ssl/server.crt
SSLCertificateKeyFile /var/TextPass/MGR/conf/ssl/server.key -
$ head -25 /var/TextPass/MGR/conf/MGR.conf
##
## httpd.conf -- Apache HTTP server configuration file
##
ServerRoot "/var/TextPass/MGR/www"
PidFile /var/TextPass/MGR/pid/mgr.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 2
MaxSpareServers 10
StartServers 3
MaxClients 15
MaxRequestsPerChild 1000
Listen 80
<IfDefine SSL>
Listen 443
</IfDefine>
User textpass
Group textpass
ServerAdmin root@127.0.0.1
ServerName localhost
-
- Based on the output of steps 1 and 2, the actual certificate file should exist and be configured in
MGR.conf.
NOTE: In the output of step 2, the lineListen 80
is for HTTP, and the lineListen 443
is for HTTPS. If the line is not commented out, then it is configured to work.
Step 2: Enabling HTTPS and Disabling HTTP
To enable or disable HTTP or HTTPS, follow these steps as a TextPass user:
- Go to
/var/TextPass/MGR/conf/
- Back up the existing MGR.conf file:
$ cp -p MGR.conf MGR.conf_YYYYMMDD
- Update the MGR.conf file based on what you want to achieve. As explained in the NOTE section of the above segment:
- To disable, comment the lines of the access you want to disable.
- To enable, comment out the lines.
- As a root user, restart the MGR process to apply the changes:
# systemctl restart mgr
- After the MGR process has fully restarted, test the GUI access based on the changes made.