Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XVI. System Administration
  4. SSL Certificate Configuration
  5. Update the web server configuration to enable SSL

Update the web server configuration to enable SSL

These instructions apply to Apache version 2.4.xx and the procedure must be executed on the designated Web server.

  1. Copy the certificate files, typically generated via a certificate authority (CA), to a folder in the Web server's Apache configuration folder.

    Note:

    Configuration files shipped with IT Analytics licensed modules may use path names with recommended folder names. To use folders with different names, be sure to update all references to the recommended name in the default configuration files.

    Linux

    /opt/apache/conf/ssl_cert

    Windows

    C:\opt\apache\conf\ssl_cert
  2. Stop the Apache and Tomcat services. From a terminal console, enter the following commands.

    Linux

    /opt/aptare/bin/tomcat-agent stop
    /opt/aptare/bin/tomcat-portal stop
    /opt/aptare/bin/apache stop

    Windows

    C:\opt\aptare\utils\stopagent.bat
    C:\opt\aptare\utils\stopportal.bat
    C:\opt\aptare\utils\stopapache.bat
  3. Update the Apache configuration file to enable SSL.

    Linux: /opt/apache/conf/httpd.conf

    Windows: C:\opt\apache\conf\httpd.conf

    Un-comment the following lines by removing the # character.

    Linux

    #LoadModule ssl_module modules/mod_ssl.so
    #Include conf/extra/httpd-ssl.conf

    Windows

    #LoadModule ssl_module modules/mod_ssl.so
    #Include conf/extra/httpd-ssl.conf
  4. On an SSL enabled Portal server, it is recommended to either disable http or redirect http protocol to https.

    • To disable http protocol, edit httpd.conf file and remove VirtualHost section of portal configuration

    • To redirect http protocol to https, edit httpd.conf file, remove all entries of VirtualHost section of portal configuration and add following lines in same VirtualHost:

      ServerName   itanalyticsportal.<hostname>
      Redirect permanent / https://itanalyticsportal.<hostname>/
  5. To ensure a secure web server, remove any port 80 VirtualHost sections from the /opt/apache/conf/httpd.conf file.

    This prevents the HTTP message headers from getting unencrypted if one end of the communication is using non-HTTPS protocols.

  6. If a Virtual Host declaration is missing from the default Apache SSL configuration file, add the missing virtual host declaration to the configuration file. See the relevant section for instructions.

    • See Configure virtual hosts for portal and / or data collection SSL.

    • See SSL Implementation for the Portal Only.

    • See SSL Implementation for Data Collection Only.

    • See SSL Implementation for Both the Portal and Data Collection.

  7. For each active virtual host section in the Apache SSL configuration file (httpd-ssl.conf), ensure that declaration lines beginning with the following are un-commented (they do not have a # at the beginning of the line):

    SSLEngine
    SSLCertificateFile (update certificate file details)
    SSLCertificateKeyFile (update certificate key file details)
  8. Run the deployCert utility as root user on the Portal server to save the ssl certificates configured with Apache in java keystore itanalytics.jks .

    This will be used while configuring SingleSignOn and Syslog over SSL.

    • Linux: /opt/aptare/utils/deployCert.sh update

    • Windows: C:\opt\aptare\utils>deployCert.bat update

  9. Verify the Apache configuration is valid:, for Linux only

    # export LD_LIBRARY_PATH=/opt/apache/ssl/lib:$LD_LIBRARY_PATH
    (If https is enabled)
    # /opt/apache/bin/apachectl -t
  10. If SSL is enabled, change the applicationUrl in portal.properties to https instead of http.

  11. Restart Apache and both Tomcat (Portal and Data Collector) services.

    Linux

    /opt/aptare/bin/apache start
    /opt/aptare/bin/tomcat-portal start
    /opt/aptare/bin/tomcat-agent start

    Windows

    C:\opt\aptare\utils\startapache.bat
    C:\opt\aptare\utils\startagent.bat
    C:\opt\aptare\utils\startportal.bat
Update the default CipherSuite provided in the Apache Httpd configuration

IT Analytics Portal supports only one CipherSuite ECDHE-RSA-AES256-GCM-SHA384 by default if configured with https.

To update the Apache httpd setting with a different value, follow the steps described below.

  1. Stop Apache httpd and Tomcat services.

    Linux

    /opt/aptare/bin/tomcat-agent stop
    /opt/aptare/bin/tomcat-portal stop
    /opt/aptare/bin/apache stop

    Windows

    C:\opt\aptare\utils\stopagent.bat
    C:\opt\aptare\utils\stopportal.bat
    C:\opt\aptare\utils\stopapache.bat
  2. Update the httpd-ssl-override.conf file with required values for SSLCipherSuite.

    Linux: /opt/apache/conf/extra/httpd-ssl-override.conf

    Windows: C:\opt\apache\conf\extra\httpd-ssl-override.conf

    SSLCipherSuite <new list of Cipher Suites separated by colon>
  3. Start Apache httpd and Tomcat services

    Linux

    /opt/aptare/bin/apache start
    /opt/aptare/bin/tomcat-portal start
    /opt/aptare/bin/tomcat-agent star

    Windows

    C:\opt\aptare\utils\startapache.bat
    C:\opt\aptare\utils\startagent.bat
    C:\opt\aptare\utils\startportal.bat

Feedback

Was this page helpful?
Previous

Obtain an SSL certificate

Next

Configure virtual hosts for portal and / or data collection SSL

Feedback

Was this page helpful?