Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Data Collector Installation and Configuration Guide for Cohesity NetBackup
  3. Configure SSL
  4. Update the web server configuration to enable SSL on the Portal server
IT Analytics Data Collector Installation and Configuration Guide for Cohesity NetBackup

Update the web server configuration to enable SSL on the Portal server

These instructions apply to Apache version 2.4.xx and the steps should be taken on the designated Web server (the Portal server). the path mentioned in the sample commands assumes default installation path on Linux and Windows.

  1. Create the directory where the certificate and private key files will be located on the portal. Use the chmod command to ensure that only the root account can make changes to this folder as both the key file and certificate will be installed in this folder.

    • On Linux: Use the chmod command to ensure that only the root account can make changes to this folder as both the key file and certificate will be installed in this folder.

      Example:

      # cd /opt/apache/conf/ 
      # mkdir ssl_cert 
      # chmod 744 ssl_cert/
    • On Windows: Create folder ssl_cert inside C:\opt\apache\conf\.

  2. Copy the certificate files, typically generated via a certificate authority (CA), to a folder in the Web server's Apache configuration folder.

    Linux:

    cp -p server.* /opt/apache/conf/ssl_cert/ 

    Windows:

    C:\opt\apache\conf\ssl_cert

    Note:

    Configuration files shipped with IT Analytics licensed modules may use path names with recommended folder names. To use folders with different names, be sure to update all references to the recommended name in the default configuration files.

  3. Stop the Apache and Tomcat services. From a terminal console, enter the following commands.

    Linux

    /opt/aptare/bin/tomcat-agent stop
    /opt/aptare/bin/tomcat-portal stop
    /opt/aptare/bin/apache stop

    Windows

    C:\opt\aptare\utils\stopagent.bat
    C:\opt\aptare\utils\stopportal.bat
    C:\opt\aptare\utils\stopapache.bat
  4. Make a copy of the httpd.conf file.

    Linux:

    cp -p /opt/apache/conf/httpd.conf  /opt/apache/conf/original-httpd.conf

    Windows:

    Copy C:\opt\apache\conf\httpd.conf as C:\opt\apache\conf\original-httpd.conf
  5. Update the Apache configuration file httpd.conf to enable SSL.

    Linux: /opt/apache/conf/httpd.conf

    Windows: C:\opt\apache\conf\httpd.conf

    Un-comment the following lines by removing the highlighted # character.

    #LoadModule ssl_module modules/mod_ssl.so
    #Include conf/extra/httpd-ssl.conf
  6. When configuring SSL on a Portal server, it is recommended to either disable http or redirect http protocol traffic to https.

    • To disable all http protocol connections, edit httpd.conf file and remove the VirtualHost sections.

    • To redirect all connection attempts on the http protocol to the Portal user interface, edit httpd.conf file, remove all entries of VirtualHost section of portal configuration and add following lines in same VirtualHost section:

      ServerName   itanalyticsportal.<domainname> 
      Redirect permanent / https://itanalyticsportal.<domainname>/ 
      
      IF WILLING TO HAVE INITIAL CONNECTIONS BE ANSWERED using HTTP, but redirecting that traffic to HTTPS: 
      ServerName   itanalyticsagent.<domainname> 
      Redirect permanent / https://itanalyticsagent.<domainname>/ 
  7. Make a copy of the http-ssl.conf file.

    Linux:

    cp -p /opt/apache/conf/extra/httpd-ssl.conf /opt/apache/conf/extra/original-httpd-ssl.conf 

    Windows:

    Copy C:\opt\apache\conf\extra\httpd-ssl.conf as C:\opt\apache\conf\extra\original-httpd-ssl.conf
  8. Update the Apache SSL configuration file.

    Linux: /opt/apache/conf/extra/httpd-ssl.conf

    Windows: C:\opt\apache\conf\extra\httpd-ssl.conf

  9. For each active virtual host section in the Apache SSL configuration file (httpd-ssl.conf), ensure that declaration lines beginning with the following are un-commented (they do not have a # at the beginning of the line), and adjust the SSLCertificateFile and SSLCertificateKeyFile sections to point to the respective certificate and private key files referenced in Step 2.

    SSLCertificateFile <Provide the path of SSL certificate file> 
    SSLCertificateKeyFile <Provide the path of SSL key file>

    Example:

    SSLCertificateFile /opt/apache/conf/ssl_cert/server.crt

    SSLCertificateKeyFile <Provide the path of SSL key file> /opt/apache/conf/ssl_cert/server.key

    Note:

    If you have a CA issued certificate, ensure you add the SSLCertificateChainFile < Provide the path of Certificate chain file > entry uncommented in httpd-ssl.conf.

  10. Run the deployCert utility as root user on the Portal server to save the SSL certificates configured with Apache in java keystore itanalytics.jks.

    Use this as a prerequisite to configure single sign-on and syslog over SSL.

    • Linux portal command location: /opt/aptare/utils/deployCert.sh update

    • Windows portal command location: C:\opt\aptare\utils>deployCert.bat update

  11. Linux only: Verify the Apache configuration is valid.

    # export LD_LIBRARY_PATH=/opt/apache/ssl/lib:$LD_LIBRARY_PATH 
    # /opt/apache/bin/apachectl -t 

    If this message occurs:

      httpd: Syntax error on line 23 of /opt/apache/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: libssl.so.1.0.0: cannot open shared object file: No such file or directory.

    Resolve Syntax Error by linking libraries:

    cd /usr/lib 
    # ln -s /opt/apache/ssl/lib/libssl.so.1.0.0 libssl.so.1.0.0
    # ln -s /opt/apache/ssl/lib/libcrypto.so.1.0.0 libcrypto.so.1.0.0
  12. Change the application URL in portal.properties to https instead of http. The portal.properties file is located here:

    Linux: /opt/aptare/portalconf/portal.properties

    Windows: C:\opt\aptare\portalconf\portal.properties

  13. Start Apache and both Tomcat (Portal and Data Collector) services.

    Linux

    /opt/aptare/bin/apache start
    /opt/aptare/bin/tomcat-portal start
    /opt/aptare/bin/tomcat-agent start

    Windows

    C:\opt\aptare\utils\startapache.bat
    C:\opt\aptare\utils\startagent.bat
    C:\opt\aptare\utils\startportal.bat
Configure virtual hosts for Portal and / or Data Collector SSL

Refer to the following sections in the IT Analytics Administrator Guide that are relevant for your environment. The instructions above accomplish SSL Implementation for Both the Portal and Data Collection.

  • SSL Implementation for the Portal only

  • SSL Implementation for data collection only

  • SSL Implementation for both portal and data collection

Feedback

Was this page helpful?
Previous

Obtain an SSL certificate

Next

Enable / Disable SSL for a Data Collector

Feedback

Was this page helpful?