Home
TeamSite
SSL with TeamSite
yehohanan
Has anyone been able to successfully configure SSL for TeamSite ?? if so, would you mind sharing the instructions ?
Find more posts tagged with
Comments
Migrateduser
If you're talking about SSL with OpenDeploy 5.5.1 the answer is no. We attempted to install it but ended up having to open a ticket. We have not had an opportunity to go back and try the recommend solution (we recently learned that we don't need to use SSL so we have pursued it further).
The instructions for creating certificates are horrendous. The following instructions provided by IW Tech Support seem to be a little better:
[start]
The 1st thing to confirm is that during each certification creation
(including the CA), choose all the defaults EXCEPT for the "Common Name"
prompt. Here, enter something unique for each certificate created. So,
here is my setup:
OD Base server (sending server) - fazadl2k
OD Receiver server (receiving server) - fazadhpv
On the base server,
1) The instructions aren't too clear for creating the .rnd file. Using
registry files isn't a good example. A better example would be:
"COPY <some-reasonably-large-log-file> C:\<od-home>\bin\.rnd"
2) Issue "CA.bat -newca" hit enter to select all the defaults and enter a
unique Common Name - fazadl2k.
This will create the demoCA directory.
3) Issue "CA.bat -certall" hit enter to select all the defaults and make
sure Common Name is unique from before - I chose "faz". Again, hit Enter
two more times and then select "y" twice to sign the certificates.
This will create two *.pem files, newcert.pem and newkey.pem in the
[od-home]\bin. Create a new folder in C:\[od-home]\cert and copy both of
these files into this new location. These are the keys and certificates for
the sender.
4) Issue "CA.bat -certall" hit enter to select all the defaults and make
sure Common Name is unique from before - I chose "hpv". Again, hit Enter
two more times and then select "y" twice to sign the certificates.
This will create the keys and certs for the receiver. On the receiver,
create a "cert" directory and copy these files into that directory. ALSO,
copy the entire demoCA directory into the receiver [od-home] directory.
Make sure both the receiver and sender have this line in the odbase.xml
(sender), the deployment configuration file on the sender, and the
odbase.xml or odrcvr.xml of the receiver (remove the sslCaCertificate= line
from the receiver xml file):
<localNode host="FAZADL2K"
sslCertificate="C:\iw-home\opendeployNG\cert\newcert.pem"
sslPrivateKey="C:\iw-home\opendeployNG\cert\newreq.pem"
sslCaCertificate="C:\iw-home\openDeployNG\bin\demoCA\certs\cacert.pem" />
Make sure to confirm the correct paths to the keys. Issue an
iwodserverreset on each system and then try the deployment.
[end]
Let me know if this works for you (in case we go back to SSL for some reason).
evg
Migrateduser
TS5.0.x and above come configured to use SSL out of the box (just connect to
https://servername/iw
). The default ssl key that is shipped with TeamSite is the demo one that comes with mod_ssl for apache.
You will probably want to replace the demo ssl keys with one that was generated for your server. You may want to take a look at the following kb on how you can do this:
https://support.interwoven.com/kb/kb_show_article2.asp?ArticleID=2409
yehohanan
Thank you for your answers... However, we were not able to make it work.
Interwoven engineering is looking into this.
Thanks.
Migrateduser
Sorry that you were not able to get SSL working. What exactly about the instructions in the article were you not able to get to work?
I would like to know what problems you ran into so I can improve the instructions.
I did test out the info given in the kb article (2409) and they do work on windows and solaris (even though it was written from a solaris perspective). I know that there are other TeamSite users that were able to get this working as well.
eddie1
Was just wondering if we can follow the same KB if we are working with Teamsite 5.5.2 on Solaris ..... ??
Slabrador
We were not able to get this to work either - the link to the openssl.cnf file from the KB article does not work and this file is not present on our server (TS 6.5.0 + OD 6.1)
Migrateduser
The post preceeding this is over 2 years old, so it's not that surprising that the information is not accurate for your version.
The TeamSIte 6.1 admin guide pages 105-130 or so talk about configuring the proxy server, including SSL. You can find these manuals on the support site at this location (valid login required):
https://support.interwoven.com/library/manuals/teamsite/teamsite.asp
hth,
lissa
Slabrador
I'm afraid that didn't help at all - all the manuals say about SSL is "TeamSite uses a web deamon, iwwebd.exe, to provide SSL support for the TeamSite GUI." I'll have to find the answer elsewhere. Thanks.
Slabrador
Well, it turns out that those old instructions did work after all. What caught me (and our sys. admin.) out was that Windows 2003 hides the .cnf extension - even with 'hide extensions for known file types' un-checked.
After we figured that out it was all plain sailing, with only a touch of embarrassment....
- Dan Smith
- University of Southampton, UK
CBCOperations
We just installed TeamSite 6.5 for Windows (and installed SP1) and TeamSite's web daemon doesn't appear to be listening on port 443, so no SSL is possible. I have gleaned from the forums that it's supposed to start up in this state. Any idea how to manually turn on SSL for the ContentCenter?
- Julian
-- Julian C. Dunn <Julian_Dunn@cbc.ca> <jdunn@nm.cbc.ca>
-- Platform Administrator, CBC.ca Production & Operations
-- Office: 2C310-Q * Tel.: (416) 205-3311 x5592
Slabrador
As far as I can recall (I know it wasn't that long ago, but hey), you just need to generate and install the certificates then make sure SSL is the default protocol in the [iwwebd] section of iw.cfg, and that port 443 is listed as the SSL socket. And that was all we needed to do, I'm sure.
- Dan Smith
- University of Southampton, UK
CBCOperations
Hi Dan,
Maybe I'm blind, but I couldn't find information about generating those certificates anywhere in the install or admin guide for TeamSite 6.5. Where did you find that information?
- Julian
-- Julian C. Dunn <Julian_Dunn@cbc.ca> <jdunn@nm.cbc.ca>
-- Platform Administrator, CBC.ca Production & Operations
-- Office: 2C310-Q * Tel.: (416) 205-3311 x5592
----
Follow-Up:
Never mind, I figured out how to hack the service manually as I couldn't find any instructions on it in the Interwoven documentation. I did:
* Start a command prompt window (Start > Run > cmd.exe)
* Go to c:\iw-home\iw-webd
* Reconfigure the Interwoven Web Daemon service to use SSL. Type iwwebd.exe -n "Interwoven Web Daemon" -D SSL -k config
* Stop and restart the Interwoven Web Daemon from the Services control panel.
----
Edited by CBCOperations on 04/22/05 02:54 PM (server time).
