How to configure SSL HTTPS protocol

2020-04-03  FAQ  856 views  shaofu

1. Get the certificate file and password, and convert the certificate format to: tomcat needs to use the jks format certificate , media server and websocket need .pem format certificate. About how to convert certificate format please check it from this link:

https://www.icarvisions.com/faq/how-to-convert-certificate-format-529.html

2. Place the certificates files under ... \ IVMS Server \ cert file path (Create it if there is none)

How to configure SSL HTTPS protocol Picture1

3. Modify ... \ IVMS Server \ tomcat \ conf \ server.xml file and set it as below:

How to configure SSL HTTPS protocol Picture2

 <Connector port=“ssl port protocol=“HTTP/1.1” SSLEnabled=“true”
maxThreads=“150” scheme=“https” secure=“true”
clientAuth=“false” sslProtocol=“TLS”
keystoreFile=“.jks format certificate filepath
keystorePass= certificate password />


4. Restart the server and see if you can open the web page using https and ssl port.

How to configure SSL HTTPS protocol Picture3

5. Above about how to configure the Web with HTTPS; And below will introduce how to configure media server and websocket with SSL .

6. Change the addresses of media server and Websocket to domain names:

Install all the sub-server programs on one server , click the network address of the server management , fill in the domain name to the white box on the public network, and click OK

How to configure SSL HTTPS protocol Picture4

If you use cluster server then you need to go to the web management page or modify the IP address which bound to the domain name in the server_info table from MySQL.

7. Modify ... \ IVMS Server \ IVMSSSLServer.ini configuration file: (only need to set up websocket and media server),example as below:

How to configure SSL HTTPS protocol Picture5

[Settings]

Count = number of servers

CrtFile2In1 = certificate file path where the PEM format certificate in. (Here this certificate format must be CERTIFICATE + RSA PRIVATE KEY)

KeyFile = certificate file path where the key format certificate in. 

[Server0] // Count from 0, one part can only monitor one port number, and one server can configure multiple ports number. Like the example link internal, media server monitor several ports like 5604,15604,15605, 15606 and 15608.

name = Server name + ssl

Enabled = 1 // 1 is enabled,  0 is disabled

SSL_Enabled = 1

HTTPS_Enabled = 1

Listen = external ssl port

Targets = Internal service ports (i.e. the original service ports and you can find it from Server management)


8. Modify ... \ IVMS Server \ IVMSDaemon.ini configuration fileexample as below:

How to configure SSL HTTPS protocol Picture6

9. Adding media server and websocket port in MySQL server_info table.

How to configure SSL HTTPS protocol Picture7

How to configure SSL HTTPS protocol Picture8

Open the server_info table from MySQL and add the SSL external ports (PortClientSSL and PortClientOtherSSl are on the far right by default as in above picture)

A part write media server main external SSL port, B part write other external SSL ports which also open for media media, and C part write external SSL ports for websocket, use ; to separate multiple ports, like 5604;15605;15606;15607;15608, also you need to set the ClientSSLEnabled to 1 and add your domain name to IPClientSSL side.


* If the server version is too old, there may be a problem that symbols cannot be filed in the database. You need to update the server and MySQL.

 

* All the ports number which will be filled in A /B /C must be consistent with Step7  IVMSSSLServer.ini configuration file ports number same. For example: in the example picture side,here A part need fill in 5604, B part fill in 15604;15605;15607;15608; and C part fill in 5075.

 

* Check the server IP details, except for LANIP, all other IP need to write the domain name.

How to configure SSL HTTPS protocol Picture9

10. Use admin to log in the Web platform and modify the Gateway server configuration. ( The ports should be consistent as the IVMSSSLServer.ini file, and select enable SSL service.)

How to configure SSL HTTPS protocol Picture10

11. Change below HTTP to HTTPS in same configuration file paths: (http to https)

How to configure SSL HTTPS protocol Picture11


12. After all of this, restart the server, and login the web test if you can see the video on Web client side.

FAQ DOWNLOAD

How to configure SSL HTTPS protocol Picture12How to configure SSL HTTPS protocol.docx


Still Have Questions?

If you would like help finding the right information to meet your requirement please leave us a message below, one of our sales representatives will be happy to assist you shortly!

Zach Fan Frank Liu Candy
Sunny
Shelley