Running NetSpyGlass via encrypted HTTP connection ************************************************* The url used by the UI backend is set in the configuration parameter `ui.url`. The choice between http and https protocol is determined by the protol specified in the url. To activate SSL just configure the url like this:: ui { url = "https://localhost:9100" } Keystore ======== SSL requires keys which are stored in the keystore. Keystore is located in the file `${home}/etc/keystore` where `${home}` is NetSpyGlass home directory set via configuration parameter "home". You need to create the keystore before you can start NetSpyGlass in SSL mode. To do this, use the following command (this command must be executed when current directory is the NetSpyGlass home):: keytool -keystore etc/keystore -alias netspyglass -genkey -keyalg RSA Keytool is part of the standard JRE distribution and should be installed in the same directory where your Java interpreter is. This tool will ask you several questions, including the password for the keystore. This looks like this:: /var/tmp/nw2 > keytool -keystore etc/keystore -alias netspyglass -genkey -keyalg RSA Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: dev1.happygears.net What is the name of your organizational unit? [Unknown]: Eng What is the name of your organization? [Unknown]: Happygears What is the name of your City or Locality? [Unknown]: Los Gatos What is the name of your State or Province? [Unknown]: CA What is the two-letter country code for this unit? [Unknown]: US Is CN=dev1.happygears.net, OU=Eng, O=Happygears, L=Los Gatos, ST=CA, C=US correct? [no]: yes Enter key password for (RETURN if same as keystore password): Once keystore is created, you need to add keystore password to the configuration. First, run script `nsgpasswd.sh` to get the password in obfuscated format. This script takes two parameters on the command line, the first is user name and the second is password to encrypt. We dont need user name for the keystore password so we can pass any word in its place, but the second argument should be your keystore passwoed. Here is how this command looks like (I am using 'test1234' as a password in this example):: ./nsgpasswd.sh x test1234 2014-10-16 17:04:59,103 INFO [Log ] Logging initialized @70ms test1234 OBF:1mf31j8x1lts1ltu1lq41lq61j651mbj MD5:16d7a4fca7442dda3ad93c9a726597e4 CRYPT:k.PbUrWl3ZCTs You can only use clear text or obfuscated versions of the password in the config. Copy and paste it to the configuration file in the parameter `ui.ssl.keystorePassword` like so:: ui { url = "https://0.0.0.0:9101/" ssl { keystorePassword = "OBF:1mf31j8x1lts1ltu1lq41lq61j651mbj" certificateAlias = "netspyglass" } Now you should be able to start UI backend server with SSL support. As usual, watch log file `logs/errors.log` for errors.