Forum Stats

  • 3,816,091 Users
  • 2,259,138 Discussions
  • 7,893,390 Comments

Discussions

Can OLT be configured to use https?

IHodgetts
IHodgetts Member Posts: 264
edited May 8, 2009 9:54AM in QA/Testing
We're in the processes of re-structuring and have a requirement to host at least a load agent on part of our secure LAN (in order to access a particular app). While we could host the controller there too, presumably we would have to access it just over http. Is https access a possibility?

<edit>

Maybe a better approach would be to keep the OLT controller 'as is' and simply host a separate instance of the load agent on our secure LAN. Presumably it would then just be a case of opening up port 9001 to allow OLT to 'see' the secure LAN agent?

</edit>

Edited by: IHodgetts on May 6, 2009 2:20 PM

Best Answer

  • Alex
    Alex Member Posts: 799
    Answer ✓
    Hi Ian

    You can set up Oracle Load Testing for Web Applications to use SSL (Secure Sockets Layer). The procedure is comprised of the following steps:

    1. Create the certificate keystore.
    2. Edit the server.xml file to use SSL.

    Note: It is recommended that you back up the server.xml file before beginning this procedure.
    Create the Certificate Keystore

    1. Shut down the server.
    2.Open a shell command window.
    3.Navigate to EmpAppServer\jre\bin in the Oracle Load Testing for Web Applications installation directory.
    4.Enter the following command sequence:
    keytool -genkey -alias tomcat -keyalg RSA -keystore \tomcat.keystore
    5.Enter any password when prompted. The default password used by Tomcat is changeit, all in lowercase. If you are not using the default, then the password must entered in the keystorePass attribute of the SSL/HTTPS connector in the server.xml file.
    6.Enter information about the certificate as prompted. This information is displayed to users who attempt to access a secure page in your application.
    7.Enter the key password specific to this Certificate. You must use the same password that was used for the keystore password itself. Pressing the Enter key does this automatically.
    8.Copy tomcat.keystore to EmpAppServer\server\default\conf located in the Oracle Load Testing for Web Applications installation directory.

    Edit the server.xml File

    To edit the server.xml file to use SSL and the certificate you created:

    1.Open the EmpAppServer\server\default\deploy\jbossweb-tomcat55.sar\server.xml file in the Oracle Load Testing for Web Applications installation directory in notepad or any other text editor.
    2.Locate the following section of the XML file:

    <!-SSL/TLS Connector configuration
    <Connector port="${oracle.port.https}"
    address="${jboss.bind.address}"
    max Threads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" client="false"
    keystore File="${jboss.server.home.dir}/conf/tomcat.keystore"
    keystorePass="changeit" sslProtocolol = "TLS" />
    -->

    If you entered a password other than changeit when you generated the certificate, change the keystorePass value to match the entered password.

    If you want to change the default HTTPS port from the default of 8433, change the value in EmpAppServer\server\default\conf\oracle.properties in the Oracle Load Testing for Web Applications installation directory.

    If you have disabled the HTTP connector or expect to heavily use the HTTPS connector, copy the thread configuration setting values (maxThreads, minSpareThreads, and maxSpareThreads) from the HTTP connector to the HTTPS connector.
    3.Uncomment this attribute.
    4.If you do not want to open access to Oracle Load Testing for Web Applications to the general public on port 8088, comment out the following element:

    <!-A HTTP/1.1 Connector on port 8088 --->
    <connector port="${oracle.port.http}"
    address="${jboss.bind.address}"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="${oracle.port.https}" acceptCount="100"
    connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" />

Answers

  • Alex
    Alex Member Posts: 799
    Answer ✓
    Hi Ian

    You can set up Oracle Load Testing for Web Applications to use SSL (Secure Sockets Layer). The procedure is comprised of the following steps:

    1. Create the certificate keystore.
    2. Edit the server.xml file to use SSL.

    Note: It is recommended that you back up the server.xml file before beginning this procedure.
    Create the Certificate Keystore

    1. Shut down the server.
    2.Open a shell command window.
    3.Navigate to EmpAppServer\jre\bin in the Oracle Load Testing for Web Applications installation directory.
    4.Enter the following command sequence:
    keytool -genkey -alias tomcat -keyalg RSA -keystore \tomcat.keystore
    5.Enter any password when prompted. The default password used by Tomcat is changeit, all in lowercase. If you are not using the default, then the password must entered in the keystorePass attribute of the SSL/HTTPS connector in the server.xml file.
    6.Enter information about the certificate as prompted. This information is displayed to users who attempt to access a secure page in your application.
    7.Enter the key password specific to this Certificate. You must use the same password that was used for the keystore password itself. Pressing the Enter key does this automatically.
    8.Copy tomcat.keystore to EmpAppServer\server\default\conf located in the Oracle Load Testing for Web Applications installation directory.

    Edit the server.xml File

    To edit the server.xml file to use SSL and the certificate you created:

    1.Open the EmpAppServer\server\default\deploy\jbossweb-tomcat55.sar\server.xml file in the Oracle Load Testing for Web Applications installation directory in notepad or any other text editor.
    2.Locate the following section of the XML file:

    <!-SSL/TLS Connector configuration
    <Connector port="${oracle.port.https}"
    address="${jboss.bind.address}"
    max Threads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" client="false"
    keystore File="${jboss.server.home.dir}/conf/tomcat.keystore"
    keystorePass="changeit" sslProtocolol = "TLS" />
    -->

    If you entered a password other than changeit when you generated the certificate, change the keystorePass value to match the entered password.

    If you want to change the default HTTPS port from the default of 8433, change the value in EmpAppServer\server\default\conf\oracle.properties in the Oracle Load Testing for Web Applications installation directory.

    If you have disabled the HTTP connector or expect to heavily use the HTTPS connector, copy the thread configuration setting values (maxThreads, minSpareThreads, and maxSpareThreads) from the HTTP connector to the HTTPS connector.
    3.Uncomment this attribute.
    4.If you do not want to open access to Oracle Load Testing for Web Applications to the general public on port 8088, comment out the following element:

    <!-A HTTP/1.1 Connector on port 8088 --->
    <connector port="${oracle.port.http}"
    address="${jboss.bind.address}"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="${oracle.port.https}" acceptCount="100"
    connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" />
  • IHodgetts
    IHodgetts Member Posts: 264
    Thanks, that's excellent news!

    We may end up not doing that just yet (as I think I've just about achieved what I needed to with just the agent installed) but we will be re-visiting this in a few months and may well take the https route.

    Thanks again for the detailled instructions.
This discussion has been closed.