Applies to
ApexSQL Monitor
Summary
This article explains how to configure SSL after installing ApexSQL Monitor, to allow secure access to its web server.
Description
The ApexSQL Monitor service is designed to work with SSL, but ApexSQL doesn't provide a self-signed certificate. Those who want to use the web server via SSL must obtain a certificate, either self-signed or signed by a Certification Authority (CA).
Once an SSL certificate is obtained from a Certification Authority, follow these steps to install it:
- Run a Windows Command Prompt with elevated privileges. Right-click Start -> Command Prompt (Admin)
Alternatively, you can go to Start > Run and then type cmd without quotes and select Run as administrator from the context menu
- Run the command:
netsh http add urlacl url=https://<web address or IP>:<port4443>/ user=Everyone
This command reserves the specified web address and port for non-administrator users/accounts, in this particular case for Everyone
- The SSL certificate can be bound to a host name or to an IP address
– To bind to a host name run the command:
netsh http add sslcert appid={d74e615d-febf-45d6-83b9-0addce68dac5} hostnameport=<web address>:<port4443> certhash=<thumbprint> certstorename=my
This command binds a Secure Sockets Layer (SSL) server certificate and the corresponding client certificate policies to a web address and port
appid – GUID that identifies the ApexSQL Monitor. Do not change this number
hostnameport – the Unicode hostname and port for binding (e.g. nikola.apexsql.com:4443)
certhash – SHA hash of the certificate. This is a 20-byte hexadecimal string that can be found under "Thumbprint" in the certificate properties
– To bind to an IP address run the command:
netsh http add sslcert appid={d74e615d-febf-45d6-83b9-0addce68dac5} ipport=<IP address>:<port4443> certhash=<thumbprint>
This command binds a Secure Sockets Layer (SSL) server certificate and the corresponding client certificate policies to a web address and port
appid – GUID that identifies the ApexSQL Monitor. Do not change this number
ipport – an IP address and port (where the application is hosted) for binding (e.g. 10.10.10.87:4443)
certhash – SHA hash of the certificate. This is a 20-byte hexadecimal string that can be found under "Thumbprint" in the certificate properties
certstorename – certificate store name. The default value is My. The certificate must be stored on the local computer
- Navigate to <drive letter>:\ProgramData\ApexSQL\ApexSQLMonitor and open Monitor.dat for editing in any text editor, such as Notepad
- Replace the following:
– If the host name option is used for binding
<HttpsSiteName /> with <HttpsSiteName>Web_address</HttpsSiteName>
An example of the file:
<?xml version="1.0"?>
<ExternalInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <MonitorDatabaseName>ApexSQLMonitor</MonitorDatabaseName>
  <MonitorServerName>WIN-ECJIMF4DK6U</MonitorServerName>
  <Port>65446</Port>
  <WCFServer>WIN-ECJIMF4DK6U</WCFServer>
  <WebPort>5000</WebPort>
  <WebHttpsPort>4443</WebHttpsPort>
  <HttpsSiteName>nikola.apexsql.com</HttpsSiteName>
  <HttpHostNames>
    <string>*</string>
    <string>!localhost</string>
    <string>!127.0.0.1</string>
    <string>!ip</string>
    <string>!machinename</string>
  </HttpHostNames>
  <WebHost>localhost</WebHost>
  <UseHttpServer>true</UseHttpServer>
  <UseHttpsServer>true</UseHttpsServer>
</ExternalInfo>
– If the host IP option is used for binding
<HttpsSiteName /> with <HttpsSiteName>IP_address</HttpsSiteName>
The example of the file:
<?xml version="1.0"?>
<ExternalInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <MonitorDatabaseName>ApexSQLMonitor</MonitorDatabaseName>
  <MonitorServerName>WIN-ECJIMF4DK6U</MonitorServerName>
  <Port>65446</Port>
  <WCFServer>WIN-ECJIMF4DK6U</WCFServer>
  <WebPort>5000</WebPort>
  <WebHttpsPort>4443</WebHttpsPort>
  <HttpsSiteName>10.10.10.87</HttpsSiteName>
  <HttpHostNames>
    <string>*</string>
    <string>!localhost</string>
    <string>!127.0.0.1</string>
    <string>!ip</string>
    <string>!machinename</string>
  </HttpHostNames>
  <WebHost>localhost</WebHost>
  <UseHttpServer>true</UseHttpServer>
  <UseHttpsServer>true</UseHttpsServer>
</ExternalInfo>
- Restart the ApexSQL Monitor service
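The host-name binding step above, wrapped in checks that catch common causes of a failed or untrusted binding before the service is restarted. This is an added example, not ApexSQL code; the host name monitor.example.test and the thumbprint value are placeholders to replace with your own.

```powershell
# Added example, not ApexSQL code. Run in an elevated PowerShell session.
# $HostName and $Thumbprint are placeholders (assumptions): set your own values.
$HostName   = 'monitor.example.test'                    # placeholder web address
$Port       = 4443                                      # HTTPS port used in the article
$AppId      = '{d74e615d-febf-45d6-83b9-0addce68dac5}'  # appid given in the article
$Thumbprint = '<thumbprint>'                            # from the certificate properties

# Text copied from the certificate dialog can carry spaces or invisible
# characters; keep only hex digits and require 40 of them (20 bytes).
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Thumbprint must be 40 hex characters, got $($hash.Length)."
}

# The certificate must be in the local computer store named My.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
if (-not $cert) { throw "Thumbprint $hash not found in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
}

# Browsers reject a certificate that does not name the host; warn early.
# -like treats a wildcard entry such as *.example.test as a pattern.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
if (-not ($names | Where-Object { $HostName -like $_ })) {
    Write-Warning "$HostName is not among the certificate names: $($names -join ', ')"
}

# Bind the certificate (same command as in the steps above), then read it back.
$binding = "hostnameport=${HostName}:$Port"
& netsh http add sslcert $binding "certhash=$hash" "appid=$AppId" certstorename=my
if ($LASTEXITCODE -ne 0) { throw "netsh add sslcert failed ($LASTEXITCODE)." }

$shown = (& netsh http show sslcert $binding) -join "`n"
if ($shown -notmatch [regex]::Escape($hash)) {
    throw "Binding for ${HostName}:$Port does not show certificate $hash."
}
Write-Output "Bound $hash to ${HostName}:$Port"
```

For an IP address binding, use ipport=<IP address>:<port4443> in place of hostnameport, as in the second command above.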