====== HTTPS settings ======

===== Use HTTPS Only =====

  * Activate the "HTTPS only" checkbox to automatically redirect HTTP requests to HTTPS
  * **WARNING:** In this configuration, remote agents will not be able to connect if you don't add the server certificate to their truststore (unless you use a certificate issued by a trusted authority)

===== Change HTTPS port =====

  * The Pro.Monitor HTTPS port number is set to **8443** by default
  * **If you are running on Linux**:
    * Set the new HTTPS port in the "HTTPS redirection port" field
    * Using port **443** is not always possible: using ports below 1024 requires specific authorizations.
    * A simple workaround is to create a routing rule such as: ''iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443''
    * **Restart the promonitor service** from the Maintenance menu
  * **If you are running on Windows**:
    * Set the new HTTPS port in the "HTTPS redirection port" field
    * Run ''[PRO_MONITOR_HOME]\bin\pro_monitorw.exe''
    * Open the ''Java'' tab
    * Change the ''-Dhttp.port.ssl'' value to the new port number
    * **Restart the promonitor service**

{{..:..:..:userguide:administration:pasted:https1.png}}

===== Certificates =====

==== Disclaimer ====

  * The default certificate embedded with the server **will not work in Multi-instance mode**: agents will refuse the connection because the certificate is not bound to the server IP address
  * In this case, you must generate a self-signed certificate and bind it to the local IP
  * Generated certificates will be stored in the keystore
  * The Pro.Monitor keystore is located in the ''certificates/.keystore'' file of the Pro.Monitor install folder

==== Generating a certificate ====

  * The default certificate for Pro.Monitor uses ''localhost'' as its common name.
  * If you want to connect to the promonitor server over HTTPS by using its hostname, you need to install or create a certificate for that hostname

**Self-signed certificate:**

  * You can generate a self-signed certificate by clicking on "Generate a self-signed certificate"
  * Enter the domain name or the IP address of your instance and save

**Certificates from a trusted authority**

  * To install this kind of certificate, refer to the manual installation below

==== Downloading and installing a certificate from a remote service ====

  * There are several reasons why you might need to register self-signed certificates for secure connections:
    * Secure LDAP
    * Secure plugin
    * Secure primary server (for agents)
    * Secure SAPControl or portal connection
  * Use the import certificate button to fetch and trust certificates from reachable sites.
  * Simply click on ''Download and install a self-signed certificate''
  * Enter the address of the server holding the certificate you want to import, in the form ''hostname:port'' (use 443 for most cases)
  * Enter the Common Name of the certificate (if you don't know the common name, use your browser to view the certificate parameters; it is listed there)

==== Installing a certificate manually ====

  * Copy the certificate file in **CER** format to ''[PRO_MONITOR_HOME]/certificates/''
  * Run: ''keytool -import -trustcacerts -keystore [PRO_MONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PRO_MONITOR_HOME]/certificates/[certificate.cer]''

==== Import keystore into the Pro.Monitor keystore ====

  * Run: ''keytool -importkeystore -srckeystore [YOUR_KEYSTORE] -srcstoretype pkcs12 -srcstorepass agentilKeyStore -destkeystore [PRO_MONITOR_HOME]/certificates/.keystore -deststoretype jks -deststorepass agentilKeyStore''

**Note:** The Pro.Monitor keystore (server keys) and truststore (trusted certificates) are in the same store: ''certificates/.keystore''
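
The name binding described under Disclaimer and Generating a certificate, and the trust decision made when a certificate is imported, can both be checked before ''keytool'' is run. The script below is an added example, not part of Pro.Monitor: it assumes a PEM-encoded certificate file and OpenSSL 1.1.1 or later, and the script and function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (assumes PEM input and OpenSSL 1.1.1+ for "x509 -ext").

# name_matches PATTERN HOST: case-insensitive exact match, or a wildcard
# that stands for exactly one left-most label (*.example.com).
name_matches() {
  local pat host suffix head
  pat=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  if [ "$pat" = "$host" ]; then return 0; fi
  case "$pat" in
    '*.'*)
      suffix=${pat#'*'}          # ".example.com"
      head=${host%"$suffix"}     # what the wildcard would have to cover
      if [ "$head" != "$host" ] && [ -n "$head" ]; then
        case "$head" in *.*) return 1 ;; *) return 0 ;; esac
      fi ;;
  esac
  return 1
}

# cert_names FILE: print the common name and every DNS/IP SAN, one per line.
cert_names() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# cert_covers FILE HOST: succeed if any name in the certificate matches HOST.
cert_covers() {
  local n
  while IFS= read -r n; do
    if name_matches "$n" "$2"; then return 0; fi
  done <<EOF
$(cert_names "$1")
EOF
  return 1
}

# Usage: ./check_cert.sh <certificate.pem> <address agents or clients use>
if [ "$#" -eq 2 ]; then
  if ! cert_covers "$1" "$2"; then
    echo "REFUSE: certificate names do not include $2" >&2
    exit 1
  fi
  # Compare this value with one obtained from the certificate owner.
  openssl x509 -in "$1" -noout -fingerprint -sha256
fi
```

The common name is accepted as a match here because this page binds certificates by common name; some TLS clients ignore it and consider only subjectAltName entries.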