Configuration Utilities
During and after the installation of Management and Security Server, you may be directed to run one or more of these utilities.
Initial Configuration Utility
You can run this utility independently if you did not enter the configuration information when you installed Management and Security Server.
-
enables the services you select for the Administrative Server.
-
creates an MSSData directory under which site-specific content is stored.
-
generates cryptographic keys and self-signed certificates for the servlet runner and the Administrative Server.
-
sets the administrative password.
-
sets a port value for the Administrative Server in configuration and HTML files.
-
(if installed) configures the Security Proxy Add-On: generates cryptographic keys and self-signed certificates, automates configuration, and sets a port value for the Security Proxy.
Running the utility
-
Be sure you have administrator privileges. If not, you will be prompted for credentials.
-
Launch the Initial Configuration Utility from its installed location. You can use -c to launch in console mode.
Windows systems:
[MssServerInstall]\utilities\bin\InitialConfigurationUtility.exe
Linux or UNIX systems:
[MssServerInstall]/utilities/bin/InitialConfigurationUtility
-
Enter (or verify) your configuration information, as prompted.
Configuration Upgrade Utility
You can run this utility independently if you did not enter the configuration information when you upgraded Management and Security Server.
The Configuration Upgrade Utility (CUU)
-
enables the services for this Administrative Server.
-
copies the servlet runner’s keystore from the previous location to the new location, if necessary.
-
copies the MSSData directory from the previous default location to the new default MSSData location (unless a custom location was configured).
-
updates port values in configuration and HTML file.
-
(if installed) copies Security Proxy Server configuration files from the old install directory to the new install directory.
Run the utility
Before you begin:
-
Make sure the earlier version of the software is not running when you run the Configuration Upgrade Utility.
This step will avoid potential port conflicts and allow you to accept default port assignments.
-
Verify that you have administrator privileges. If not, you will be prompted for credentials.
-
Launch the Configuration Upgrade Utility from its installed location. To launch in console mode, use
-c
.Windows systems:
[MssServerInstall]\utilities\bin\ConfigurationUpgradeUtility.exe
Linux or UNIX systems:
[MssServerInstall]/utilities/bin/ConfigurationUpgradeUtility
-
Enter (or verify) your configuration information, as prompted.
HTTPS Certificate Utility
The HTTPS Certificate Utility manages the default servlet runner certificate. Use this utility to install or update a certificate for the HTTP server functionality that is included with the Management and Security Server. This certificate enables clients to establish secure connections (HTTPS) to the services provided by the Management and Security Server. (Other certificates are managed differently.)
The HTTPS Certificate Utility can be used to create a private key and generate a Certificate Signing Request (CSR). You can then import the signed certificate and the private key.
Running the HTTPS Certificate Utility
The HTTPS Certificate Utility can be run at any time after Management and Security Server is installed.
-
Verify that you used the HTTP Server functionality that was provided during installation.
-
Run the utility.
On Windows:
[MssServerInstall]\utilities\bin\HTTPSCertificateUtility.exe
On Linux or UNIX:
[MssServerInstall]/utilities/bin/HTTPSCertificateUtility
-
Follow the prompts in the utility, and select a certificate action:
-
Generate a new key pair and self-signed certificate.
-
Generate a new private key and Certificate Signing Request.
-
Import a certificate and private key.
-
Import the Management and Security Server certificate and private key.
-
Note
When needed, the HTTPS Certificate Utility can be run in console mode by using the -console
application argument.
Alternative approaches
-
Instead of running the HTTPS Certificate Utility, you can run the Initial Configuration Utility to generate cryptographic keys and self-signed certificates for the provided servlet runner. Any existing keys will be overwritten by either utility.
-
You can configure Management and Security Server to use either a self-signed certificate, or a CA-signed SSL server certificate.
Requiring HTTPS in the Administrative Server
Beginning in version 12.8, Management and Security Server requires HTTPS. No additional setting is needed in the MSS Administrative Console to restrict the Administrative Server to the HTTPS protocol.
IIS Integration Utility
If Microsoft Internet Information Services (IIS) is installed on your Windows computer, the automated installer detects IIS and asks if you want to integrate your installation with IIS. This question appears even if you are upgrading from a previous version that was already integrated with IIS.
Reasons to Integrate Management and Security Server with IIS
By default, a web server is installed, and you do not need to integrate the product with IIS. However, you may choose to integrate Management and Security Server with IIS to
-
take advantage of the IIS Single Sign-on (SSO) functionality, such as authentication to the Administrative Console and to the HTML Assigned Sessions list.
-
use your existing web server certificates on IIS.
Note
When integrated with the IIS web server, Management and Security Server uses IIS and the IIS-configured server certificate for HTTPS communication; the servlet runner certificate is ignored. Although the servlet runner certificate is not used after IIS integration, it is recommended that you do not delete that certificate. Once integrated with IIS, the expiration status of the servlet runner certificate does not affect the Management and Security Server installation.
When to integrate:
-
You can run the IIS Integration Utility even if you did not integrate IIS when you installed Management and Security Server.
-
If a previous IIS integration existed when you ran the Initial or Upgrade configuration utility, the integration may be affected. Use the IIS Integration Utility to remove the existing integration and perform IIS integration again.
Running the IIS Integration Utility:
-
Run the IIS Integration Utility (
IISIntegrationUtility.exe
) located in the[MssServerInstall]\utilities\bin
directory. -
To integrate IIS with Management and Security Server, select a site and click Integrate.
-
If you are prompted, confirm the installation directory (for example,
C:\Program Files\Micro Focus\MSS
) and click Yes. -
If you are prompted to install required IIS role services, click Yes. Installation of role services can take a few minutes.
-
If you are prompted to restart the Administrative Server service, click Yes.
-
On the Integration Completed message box, click Yes to exit.
-
Restart the Administrative Server. This step is necessary only if you did not select the option to restart the MSS service.
-
If you installed the product as a Windows service, go to Control Panel > Administrative Tools > Services > Micro Focus MSS Server. Stop and restart the service.
-
You can also use the
-stop
and-start
commands withMssServer.exe
.
-
-
Confirm that integration was successful by browsing to
http://<serverName>[:port]/mss/AdminStart.html
where
<serverName>
is the IP address or alias of your Microsoft Windows machine running the Administrative Server, for example:http://myserver.mycompany.com/mss/AdminStart.html
.
To change your settings or remove the integration, run the IIS integration utility again.