How to configure SSL HTTPS protocol

1. Get the certificate file and password, and convert the certificate format to: tomcat needs to use the jks format certificate , media server and websocket need .pem format certificate. About how to convert certificate format please check it from this link:

https://www.icarvisions.com/faq/how-to-convert-certificate-format-529.html

2. Place the certificates files under ... \ IVMS Server \ cert file path (Create it if there is none)

3. Modify ... \ IVMS Server \ tomcat \ conf \ server.xml file and set it as below:

 <Connector port=“ssl port” protocol=“HTTP/1.1” SSLEnabled=“true”
maxThreads=“150” scheme=“https” secure=“true”
clientAuth=“false” sslProtocol=“TLS”
keystoreFile=“.jks format certificate filepath”
keystorePass=“ certificate password” />

4. Restart the server and see if you can open the web page using https and ssl port.

5. Above about how to configure the Web with HTTPS; And below will introduce how to configure media server and websocket with SSL .

6. Change the addresses of media server and Websocket to domain names:

Install all the sub-server programs on one server , click the network address of the server management , fill in the domain name to the white box on the public network, and click OK

If you use cluster server then you need to go to the web management page or modify the IP address which bound to the domain name in the server_info table from MySQL.

7. Modify ... \ IVMS Server \ IVMSSSLServer.ini configuration file: (only need to set up websocket and media server),example as below:

[Settings]

Count = number of servers

CrtFile2In1 = certificate file path where the PEM format certificate in. (Here this certificate format must be CERTIFICATE + RSA PRIVATE KEY)

KeyFile = certificate file path where the key format certificate in. 

[Server0] // Count from 0, one part can only monitor one port number, and one server can configure multiple ports number. Like the example link internal, media server monitor several ports like 5604,15604,15605, 15606 and 15608.

name = Server name + ssl

Enabled = 1 // 1 is enabled,  0 is disabled

SSL_Enabled = 1

HTTPS_Enabled = 1

Listen = external ssl port

Targets = Internal service ports (i.e. the original service ports and you can find it from Server management)

8. Modify ... \ IVMS Server \ IVMSDaemon.ini configuration file，example as below:

9. Adding media server and websocket port in MySQL server_info table.

Open the server_info table from MySQL and add the SSL external ports (PortClientSSL and PortClientOtherSSl are on the far right by default as in above picture)

A part write media server main external SSL port, B part write other external SSL ports which also open for media media, and C part write external SSL ports for websocket, use ; to separate multiple ports, like 5604;15605;15606;15607;15608, also you need to set the ClientSSLEnabled to 1 and add your domain name to IPClientSSL side.

* If the server version is too old, there may be a problem that symbols cannot be filed in the database. You need to update the server and MySQL.

* All the ports number which will be filled in A /B /C must be consistent with Step7  IVMSSSLServer.ini configuration file ports number same. For example: in the example picture side,here A part need fill in 5604, B part fill in 15604;15605;15607;15608; and C part fill in 5075.

* Check the server IP details, except for LANIP, all other IP need to write the domain name.

10. Use admin to log in the Web platform and modify the Gateway server configuration. ( The ports should be consistent as the IVMSSSLServer.ini file, and select enable SSL service.)

11. Change below HTTP to HTTPS in same configuration file paths: (http to https)

12. After all of this, restart the server, and login the web test if you can see the video on Web client side.

FAQ DOWNLOAD

How to configure SSL HTTPS protocol.docx