Configuring https on IDSTower
To run IDSTower over https, we need to create a certificate and configure the https certificate settings. The example below configures IDSTower with a self-signed certificate:
Generate a self-signed certificate using openssl (valid for 5 years in this example).
$ sudo mkdir /opt/idstower/certs
$ cd /opt/idstower/certs
$ sudo openssl req -x509 -newkey rsa:4096 -sha256 -keyout idstower.key -out idstower.crt -subj "/CN=idstower" -days 1825
Convert the certificate into pfx format
$ sudo openssl pkcs12 -export -name "idstower" -out idstower.pfx -inkey idstower.key -in idstower.crt
Change the owner of the certs directory and keys to idstower
$ sudo chown -R idstower:idstower /opt/idstower/certs
Set the certificate path and password in appsettings.json->Hosting->Certificate section.
set path to: /opt/idstower/certs/idstower.pfx
set password to the export password chosen in step 2 (the pfx conversion)
Change the URL in appsettings.json->Hosting->URL section to https:// instead of http://
Restart IDSTower service to apply the changes
$ sudo systemctl restart idstower.service
Verify that IDSTower service is running correctly:
$ sudo systemctl status idstower.service
Make sure your firewall allows ports 80 & 443 (or the ports you are running IDSTower on):
On Ubuntu:
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw reload
On CentOS/RHEL:
$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --zone=public --permanent --add-service=https
$ sudo firewall-cmd --reload
If you have already created a Cluster in IDSTower, refresh the hosts' configuration so that they can contact IDSTower via https. Do this using the host actions in Clusters->Cluster->Hosts Tab->Host Actions->All Hosts->Host->Refresh Stale Config.
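The following checks for the files created in the steps above are an added example, not part of the IDSTower documentation. They confirm that the key and pfx are not readable by group or others, that the pfx opens with the chosen password and contains idstower.crt, and that the certificate is not close to expiry. The function names and the IDSTOWER_PFX_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-setup checks for the certificate files created above.
# IDSTOWER_PFX_PASS is a hypothetical variable holding the pfx export password.

# SHA-256 fingerprint of a PEM certificate file.
crt_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate stored inside a pfx bundle.
# The password is read from the environment so it never shows up in `ps` output.
pfx_fingerprint() {
    openssl pkcs12 -in "$1" -nokeys -passin env:IDSTOWER_PFX_PASS 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds only if the file grants no permissions to group or others.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_bundle DIR [MIN_DAYS]: returns 0 only when every check passes.
check_bundle() {
    dir=$1; min_days=${2:-30}; rc=0
    for f in "$dir/idstower.key" "$dir/idstower.pfx"; do
        is_private "$f" || { echo "FAIL: $f is accessible to group/others"; rc=1; }
    done
    want=$(crt_fingerprint "$dir/idstower.crt")
    got=$(pfx_fingerprint "$dir/idstower.pfx")
    [ -n "$got" ] || { echo "FAIL: cannot open pfx with the given password"; rc=1; }
    [ "$want" = "$got" ] || { echo "FAIL: pfx does not contain idstower.crt"; rc=1; }
    openssl x509 -in "$dir/idstower.crt" -noout \
        -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days"; rc=1; }
    return $rc
}

# Fingerprint of the certificate the server presents (needs network access).
# Compare it with crt_fingerprint before trusting the self-signed certificate.
served_fingerprint() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: export IDSTOWER_PFX_PASS; check_bundle /opt/idstower/certs
```

Run the checks as root or as the idstower user, since the files are owned by idstower after the chown step.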