Updated: June 13, 2023 6:52am

SSL Manager

The SSL tool is used to install an SSL certificate to a Prism server, or to revert from SSL secured to unsecured.
The SSL tool has been enhanced in Prism 2.x by streaming the certificate and key files from a location on the computer used to run Tech Toolkit to the Prism server where it gets applied to that server. These could be the same computer, but they could be different computers. In past versions of the SSL tool the certificate and key files had to be located on the server computer that was to be secured with SSL.
This means it is possible to have certificates and key files for several servers located on a remote computer, for example, at an HQ computer where the certificates may have been created for each store in the enterprise. Then, from the HQ computer, install those certificates on each store computer remotely,
To use the SSL tool, then, the certificate and key files must be on the computer you are using to run Tech Toolkit. This could be the same computer as the server computer, but it doesn't have to be.

To install SSL certificates:
Browse to the location of the certificate file.
Browse to the location of the .pem file.
Click Update Prism Config.
TTK SSL tab

Special Steps for Proxy Only Machines
Machines that have only the Proxy installed (no Prism Server, no DRS) require special consideration.
1.    Install the certificate and the key files.
2.    Click Update Prism. A confirmation is displayed, explaining that Apache and RabbitMQ must be stopped and then restarted.
3.    Launch the Proxy using the desktop shortcut.
4.    You will be prompted to enter the domain name for the certificate. Enter your company's domain name. Click OK. (If you don't enter the domain name, the connection will be insecure.)

Disable SSL before Upgrades
Before installing an upgrade to Prism, disable SSL certificates. Re-enable SSL certificates after the upgrade install is finished.

SSL Manager check of Prism Components
The SSL Manager will detect which Prism components are on the machine: Prism Server and/or the Prism Proxy. This is especially important when the machine in question is a "Proxy only" machine.

  • If Prism Server is on the machine, the SSL Manager will modify the prism.conf file to apply the certificates.
  • If the Proxy is installed, the SSL Manager will apply the certificate file names to the Proxy.ini file.

Once the certificates are applied, the SSL Manager will alert the user to restart services as needed. If the proxy is being secured, that will also need a restart.

SSL Certificates for Centrals
To use Centrals using SSL, a Centrals server's current SSL Certificate and Private Key need to be loaded in the SSL tab of Web TTK on the Centrals server. After restarting Apache on the Centrals server, in order to access Web TTK again, the URL must include the FQDN (hostname + Domain extension) of the Centrals server. Do not forget to clear the browser cache, as it remembers the unsecured connection and will interfere with secure access.
On each Prism server from which the Centrals server is accessed (including the Centrals server itself), the Centrals server name in Admin Console > Installation Defaults, should be entered as the Centrals server's FQDN. Additionally, each machine accessing the Centrals server must have loaded the Centrals server's Certification Authority's certificate IF that CA is not one of the common CAs for which the certificate is already available in Windows

Previous
Next

Search Documentation