KB274071: How to add HTTPS MicroStrategy Web and Mobile servers to an environment in Operations Manager?

Overview
This technical note explains the necessary steps to add HTTPS Strategy Web and Mobile servers to an environment in Operations Manager. This technical note is written under the premise that a user has already configured HTTPS environments. The configuration of HTTPS is not in the scope of this document.
 
Configuration Steps in Internet Information Services (IIS)

1. Export a certificate file from the Services Manager. The exported file may be named as “certificate.pfx” with the password 123456.

1. Copy the certificate file to the Intelligence Server to which Web and mobile servers connect. As an example, the certificate may be saved directly under the C: drive.

1. Import the certificate file to the JVM in the Health Center folder.

     3a – Open a command line and navigate to the bin folder under the Health Center\JRE folder to execute keytool.exe. The folder path should be similar to “C:\Program Files (x86)\Common Files\Strategy\HealthCenter\JRE\170_51\32-bit\bin”
     3b – Import the certificate file to the lib\security\cacerts of the JRE by running the command below
Command Format:
keytool -importkeystore -srckeystore <src keystore name> -destkeystore cacerts -srcstoretype pkcs12 -deststoretype jks -srcstorepass <src keystore password> -deststorepass <dest keystore password> –v
 
Example:
keytool -importkeystore -srckeystore “C:\certificate.pfx” -destkeystore "C:\Program Files (x86)\Common Files\Strategy\HealthCenter\JRE\170_51\32-bit\lib\security\cacerts" -srcstoretype pkcs12 -deststoretype jks -srcstorepass 123456 -deststorepass changeit –v
 
Notes:

• The default destkeystore password is “changeit”.
• It is necessary to import the file to cacerts keystore.

1. Restart the Health Center Service

 
 
Configuration Steps in Tomcat

1. Export the certificate file with the command below:

Command Format:
keytool -export -alias tomcat -keystore <keystore name> -file <file name> -storepass <keystore password>
 
Example:
keytool -export -alias tomcat -keystore C:\tomcat.keystore -file c:\tomcat.cer -storepass 123456
 
Notes: 
The Tomcate.keystore file is generated when configuring HTTS for Tomcat.
 

1. Copy the certificate file to the Intelligence Server to which Web and mobile servers connect. As an example, the certificate may be saved directly under the C: drive.

1. Import the certificate file to the JVM in the Health Center folder.

     3a – Open a command line and navigate to the bin folder under the Health Center\JRE folder to execute keytool.exe. The folder path should be similar to “C:\Program Files (x86)\Common Files\Strategy\HealthCenter\JRE\170_51\32-bit\bin”
     3b – Import the certificate file to the lib\security\cacerts of the JRE by running the command below
Command Format:
keytool -import -alias tomcat -file <cer file name> -keystore <key store path> -storepass <keystore password>
 
Example:
keytool -import -alias tomcat -file "C:\tomcat.cer" -keystore "C:\Program Files (x86)\Common Files\Strategy\HealthCenter\JRE\170_51\32-bit\lib\security\cacerts" -storepass changeit
 
Notes:

• The default destkeystore password is “changeit”.
• It is necessary to import the file to cacerts keystore.

1. Restart the Health Center Service

 
 
Notes:
For Linux environment, the steps are the same. The cacerts file of Health Center usually exists under HealthCenterInstance/_jre/lib/security.