Configuring HTTPS with a self-signed certificate - BlueCat Integrity - 26.1.0

Configure HTTPS support using a self-signed SSL certificate generated by Address Manager.

1. Select the Settings tab in the sidebar.
2. Under System security, select Web access.
3. Set the following parameters:
   Note: When replication is configured between Address Manager servers, web access settings for primary and standby servers are represented on separate tabs.

   • HTTP enabled—select the checkbox to enable HTTP. Deselect the checkbox to disable HTTP.
   • HTTPS enabled—select the checkbox to enable HTTPS.
   • HTTP to HTTPS redirection enabled—select the checkbox to enable HTTP to HTTPS redirection. The HTTP enabled checkbox must be selected to select this option.
     Important: You can't disable HTTPS if HTTP is configured to redirect to HTTPS.
     Note: HTTP to HTTPS redirection

     Selecting HTTP to HTTPS redirection enabled will redirect users to HTTPS if they attempt to access Address Manager using HTTP. You must have HTTP and HTTPS enabled to use HTTP to HTTPS redirection.

     • If the Address Manager domain name is configured to resolve to an IPv6 address, HTTP to HTTPS redirection enabled will redirect the domain name in the URL to an IPv6 address, resulting in an unknown certificate warning in your browser. For more information, refer to knowledge base article 5978 on BlueCat Customer Care.
   • X509 authenticator—select an X.509 authenticator previously added to Address Manager. For more information, refer to X.509 authentication.
4. Under Server certificate settings, complete the following:
   • Certificate method—select Generate self-signed certificate.
     Note: The self-signed certificate will be saved to the Address Manager database. If you need to upload or configure a custom SSL certificate, refer to Configuring HTTPS with custom certificates.
   • Days valid—the number of days the certificate will be valid (by default, 365).
   • Common name—enter the DNS hostname of the Address Manager server.
   • Organization—enter the name of your organization.
   • Department—enter the name of your department or division.
   • City—enter the name of your city or municipality.
   • State or province—enter the full name of your state or province. Abbreviations won't be accepted.
   • Country code (two letter)—enter your country’s two letter country code according to the ISO 3166-1 alpha-2 standard. For example, US=United States, CA=Canada, GB=Great Britain, DE=Germany. The country code must use capital letters.
   • Email address—(optional) enter an email address.
   • Comment—(optional) enter necessary comments on the certificate or its parameters.
   • Key size—from the drop-down menu, select either 2048 (default), 4096, or 8192 bits. The greater the bit key size, the greater the complexity of encryption.
   • Algorithm—from the drop-down menu, select either SHA256 (default), SHA384, or SHA512 for the message digest algorithm. This option provides a digital signature to validate the authenticity of the certificate.
5. Enter a Change control comment, if required.
6. Select Update web access settings.
7. In the Warning window, select Update and restart BAM. The Address Manager server will be temporarily unavailable as the changes are committed and the server restarts.