• 5.2.1 Generating Certificate Signing Request in Gateway Server
  • 5.2.3 Generating Certificate Signing Request in Gateway Server
  • 5.2.5 Certificate in BPM
  • 5.3 Starting/Shutdown of Apache
  • Setting Up hp bac using Reverse Proxy Contents 0 Introduction




    Download 419,71 Kb.
    bet1/2
    Sana22.12.2019
    Hajmi419,71 Kb.
    #4592
      1   2


    Setting Up HP BAC using Reverse Proxy

    Contents


    1.0 Introduction:

    The purpose of this document is to explain the setup of HP BAC that is setup in B2C Culpeper for data collection through reverse proxy.

    2.0 Setup Overview:

    Two BPM agent machines are placed in Miami in terramark cloud. These two machines will be open to internet. A reverse proxy is placed in Culpeper data center which will act as proxy for gateway servers. The gateway server , database server and DPI server will be placed in Culpeper data center. The data collected by BPM agent machines, will send the data to reverse proxy machine, which inturn will forward it to gateway server. From internet, the reverse proxy will be seen as gateway server. All the communication between agent to proxy and proxy to gateway will be established through SSL which is secured. For outside world, only the reverse proxy IP will be revealed as gateway server. This setup is only for the data collection to happen from BPM to Gateway through reverse proxy, and not to open web access from BPM to gateway server through proxy.

    3.0 Logical Flow:



    4.0 Servers List:



    S.No

    Server Name

    Purpose

    Location

    1

    Server Name

    Gateway Server

    Location Name

    2

    Server Name

    Gateway Server

    Location Name

    3

    Server Name

    Reverse Proxy Server

    Location Name

    4

    Server Name

    Reverse Proxy Server

    Location Name

    5

    ServerName

    BPM Agent

    Location Name

    6

    Server Name

    BPM Agent

    Location Name

    5.0 Reverse Proxy:

    A reverse proxy is used to forward the traffic from internet to the internal webserver. The reverse proxy is configured in two servers ussdimon01 and ussdimon02. Both these servers are placed in sandiego data center. The reverse proxy is configured in apache webserver . The apache is configured to run on SSL (https) and listening on port 443. The communication between reverse proxy and gateway server happens through SSL.

    5.1 Configuration:

    The reverse proxy is configured on apache. The apache is installed in the path /usr/local/apache2.

    The following are the import configuration files,

    Httpd.conf – This file is located in /usr/local/apache2/conf.This is used to configure apache to act as reverse proxy and also used to load different modiles used for configuring apache as reverse proxy and for ssl.

    Httpd-ssl.conf – This file is located in /usr/local/apache2/extra.This file is used to enable ssl for apache. This file holds the path for the certifcates which apache reads while starting.

    Important Note :- Both the above files are configured and it is an one time configuration. If any change has to be made on these two files, please take a back up of these files before doing any change.

    5.2 Certificates :

    All the communication happening between BPM to Reverse Proxy is happening through SSL which involves certificate authentication. The certificate signing request is created and to the signing authority. This is then signed by Verisign. Once it is signed , we will be getting three certificates , Server certificate ,Certificate Authority and Intermediate certificate. All these certificate has to be imported in gateway server and reverse proxy server.

    Note: The following three section has to followed only after the existing certificate is expired. The current certificates imported has one year validity. Please do try these following steps unnecessarily.

    5.2.1 Generating Certificate Signing Request in Gateway Server :

    Please check the following url for creating certificate signing request in IIS in gateway server,

    http://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html

    5.2.2 Importing Signed Certificate in Gateway Server:

    Please check the following url for installing the signed certificate in IIS in gateway server.

    http://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html

    5.2.3 Generating Certificate Signing Request in Gateway Server:

    5.2.4 Certificates in Reverse proxy server:

    The verisign signed certificate will be having three certificates

    Server Certificate,CA Certificate and Intermediate certificate. Once we get this, we need to copy the content of the ceritificate and past it in the appropriate files.

    The certificates are copied in the following path in the reverse proxy server,

    Server Certificate : /usr/local/apache2/conf/cert and the file name is certify.crt. Copy the content of the server certificate and copy it in certify.crt.

    CA Bundle : /usr/local/apache2/conf/bundle and the file name is bundlepem.crt.This bundle certificate will be having both CA certificate and Intermediate certificate.Copy the content of both CA and intermediate certificate one below other in the same file.

    Key file : /usr/local/apache2/conf/key and the file name is server.key. This will be already present in the server.

    During renewal of certificate , please copy the renewed certificate in the same path. The password used while generating the key is ‘sony1234’ . This password should be used while restarting apache server.

    5.2.5 Certificate in BPM :

    The agent machine has to be configured with certificate of reverse proxy for connecting to the reverse proxy over https. The existing working certificate is put in the following path c:\baccerts\store and the file name is bacgwy.pem . The certificate file should be saved as pem file. The pem file should containg Server certificate first followed by CA certificate and then Intermediate certificate.

    5.3 Starting/Shutdown of Apache :

    Go to the path /usr/local/apache2/bin

    For starting run the command ./apachectl start – While starting it will prompt for password , please type ‘sony1234’ as password.

    For Stopping run the command ./apachectl stop



    6.0 Important Files:


    Download 419,71 Kb.
      1   2




    Download 419,71 Kb.

    Bosh sahifa
    Aloqalar

        Bosh sahifa



    Setting Up hp bac using Reverse Proxy Contents 0 Introduction

    Download 419,71 Kb.