If your DualShield platform is operating in HTTP protocol and you want to switch it to HTTPS, then you will have to manualy edit and modify several configuration files.

The first thing you need to get, of course, is a SSL server certificate for your DualShield platform. The Common Name of the certificate must be the host name (FQDN) of your DualShield platform, and the file format of the certificate must be in PFX.

Before you start to make changes, stop the DualShield service first. You can do so in the Windows service manager or execute "net stop DualShield" command in the Windows Command Console. Also, make a backup copy of the original file before making changes in case you have to revert back.

This article assumes that the installation folder of the DualShield platform is: "C:\Program Files\Deepnet DualShield", and the host name (FQDN) of the DualShield platform is: DualShield.DeepnetSecurity.com

1. C:\Program Files\Deepnet DualShield\tomcat\conf

By default, DuallShield Platform works on 7 TCP/IP ports: 8070, 8071, 8072, 8073, 8074, 8075, 8076. Port 8070 and 8071 are always configured to run in HTTPS protocol, and other ports are configured to run in HTTP protocol if you chose HTTP mode at the initial installation. You need to reconfigure those 5 ports and switch them to HTTPS protocol. (As matter of fact, you do not have to switch all of those 5 ports to HTTPS if you do not want to. You can reconfigure just some of those 5 ports and switch them to HTTPS protocol. For instance, if you just want to switch the Management Console to SSL, then do the neccessary changes for port 8073 only. Or if you are only concerned about the Provisioning Service, then change the settings of port 8072.)

Open the server.xml file in a text editor, locate the following lines:

<Connector port="8072" protocol="HTTP/1.1"
       connectionTimeout="20000"
       />
<!--  
<Connector protocol="HTTP/1.1" SSLEnabled="true"
   port="8072"
   scheme="https" secure="true" clientAuth="false"
   keystoreFile="C:\Program Files\Deepnet DualShield/certs/allinone.pfx"
   keystorePass="$deepnet.dualserver.sslcertpassword" keystoreType="PKCS12"  sslProtocol = "TLS" />
-->

Comment out the first connector block and uncomment the second connector block, i.e.

<!--  
<Connector port="8072" protocol="HTTP/1.1"
       connectionTimeout="20000"
       />
-->

<Connector protocol="HTTP/1.1" SSLEnabled="true"
   port="8072"
   scheme="https" secure="true" clientAuth="false"
   keystoreFile="C:\Program Files\Deepnet DualShield/certs/allinone.pfx"
   keystorePass="$deepnet.dualserver.sslcertpassword" keystoreType="PKCS12"  sslProtocol = "TLS" />

then, replace the value of "keystoreFile" with file name of your DualShield SSL certificate, e.g.

   keystoreFile="C:\Program Files\Deepnet DualShield/certs/myDualShieldSSLCert.pfx"

finally, replace the value of "keystorePass" with the password of the SSL certificate, e.g.

   keystorePass="myPasswordOfMyDualShieldSSLCert"

Repeat the same process for port 8073, 8074, 8075 and 8076.

2. C:\Program Files\Deepnet DualShield\config\appsso-metadata.xml

Replace "http://dualshield.deepnetsecurity.com" with "https://dualshield.deepnetsecurity.com" in all occurrences.

3. C:\Program Files\Deepnet DualShield\config\appsso.properties

Replace "management_protocol = http" with "management_protocol = https"

4. C:\Program Files\Deepnet DualShield\config\ManagementConsole.xml

Replace "http://dualshield.deepnetsecurity.com" with "https://dualshield.deepnetsecurity.com" in all occurrences.

5. C:\Program Files\Deepnet DualShield\config\SelfServiceConsole.xml

Replace "http://dualshield.deepnetsecurity.com" with "https://dualshield.deepnetsecurity.com" in all occurrences.

6. C:\Program Files\Deepnet DualShield\manconsole.url

Replace "http://dualshield.deepnetsecurity.com" with "https://dualshield.deepnetsecurity.com" in all occurrences.

7. C:\Program Files\Deepnet DualShield\dssconsole.url

Replace "http://dualshield.deepnetsecurity.com" with "https://dualshield.deepnetsecurity.com" in all occurrences.

Save all changes and restart DualShield service. You can do so in the Windows service manager or execute "net start DualShield" command in the Windows command console.

Note: If you have already deployed the DualShield IIS Agent and/or DualShield Authentication Gateway, then you must reconfigure it.

Important:  Since version 5.7, it becomes harder, as the information is also saved into DualShield database. You need to change them accordingly(Management Console, Provisioning Service Portal and Self Service Console). They are in the table sso_service_provider, the column is called "xml_descriptor". Using sql command line to update this field is unrealistic, as the value content is more than 1K. Please use MySQL GUI tool, like HeidiSQL or SQLyog community edition.

Related Articles