docmain.css" /> Using the Security Proxy Wizard - Installation Guide

Using the Security Proxy Wizard

The wizard imports or generates the security certificate used to authenticate the Security Proxy Server and sets up a properties file that contains information about each security proxy connection. If you are using authorization to determine access levels, the security proxy also imports the certificate from the Administrative Server.

If you used an automated installer, the Security Proxy Server has been configured and you can skip this step; you can run the wizard later to manage your proxy settings.

If you installed manually, you must first run the Security Proxy Wizard on the computer where you installed the software before you can run the security proxy server.

Starting the Security Proxy Wizard

Windows

  • If you used the automated installer, go to Start > All Programs > Micro Focus Host Access Management and Security Server > Security Proxy Wizard. Alternatively, run the SecurityProxyServerWizard.exe file in the [MssServerInstall]\securityproxy\bin\ folder.

  • If you installed manually and completed the initial configuration, run the [MssServerInstall]\securityproxy\bin\SecurityProxyServerWizard.exe file.

UNIX or Linux

  • The Security Proxy Wizard requires an X11 window to display its graphical interface. Use the console of an X window, or an X session, as provided with Reflection X, and open a terminal window.

  • Run the [MssServerInstall]/securityproxy/bin/securityproxyserverwizard file.

Security Proxy Wizard Options

If you run the Security Proxy Wizard from the command line or from a command prompt, these command line options are available:

Parameter

Description

-locale [en|fr|de]

Specify the language in which the wizard opens. For example, navigate to the Security Proxy Wizard folder (the default on Windows is \securityproxy\bin) and enter this command to start the wizard in French.

SecurityProxyServerWizard -locale fr

-serverproperties [path and file name of your server properties file]

Specify the server.properties file to open. For example, navigate to the Security Proxy Wizard folder (the default on Windows is \securityproxy\bin) and enter this command to start the wizard with the specified file.

  • SecurityProxyServerWizard -serverproperties "C:\Program Files\Micro Focus\MSS\securityproxy\conf\server.properties"

Configuring the Security Proxy Using the Security Proxy Wizard

If you manually installed the security proxy, run the wizard to complete the configuration of a security proxy port.

  1. Start the Security Proxy Wizard.

  2. Create a server.properties file by clicking New on the Status tab. It is recommended that you install the file in the \securityproxy\conf folder within your installation of the security proxy server. For example, in the Select Data Root dialog box, select the securityproxy folder, and then click the Create button. The conf folder and the server.properties file are automatically created. Verify that you do not have two \conf directories in the path. Click Yes to continue. Enter a host name for the security proxy server, and then click OK.

  3. Add the Administrative Server certificate to the security proxy trusted certificates list. On the Trusted Certificates tab, you can import a trusted certificate from a file or directly from the Administrative Server over the network.

    For evaluation purposes, import a trusted certificate from the Administrative Server over the network. Click Import, then click the Server button. In a production environment, or in an environment where greater security is required, it is recommended that importing the trusted certificates be performed by copying the certificates from one machine to the other and then importing them from a local file.

  4. Specify (or accept the defaults for) the Administrative Server address, the Administrative Server (not the Proxy Server) port number, the servlet context, and the friendly name of the Administrative Server. The context name is used in the URL that accesses the Administrative Server, and it is often, although not always, the same as the folder within which the Administrative Server is installed. The default context name is mss. Click OK.

  5. Create the proxy. On the Proxies tab, click Add. Enter the local port number. This is the port on which the proxy listens for connections. It can be any unused port number; it should not be the standard port for the host connection. Click Add to change the default cipher suite.

  6. In the Add Cipher Suite dialog box, select a Cipher suite or accept the default. Click the Generate button.

  7. In the Generate Security Proxy Certificate dialog box, enter the certificate information. Click the Generate button.

  8. In the Add Cipher Suite dialog box, click OK to add the cipher suite.

  9. Modify the Proxy Type as necessary. For evaluation purposes, retain the default settings.

  10. In the Add Proxy dialog box, click OK to add the proxy.

  11. Export the settings to the Administrative Server. Click Export Settings on the Proxies tab. In the Export Proxies dialog box, specify or accept the default Administrative Server, Port, and Context, and then click Export.

  12. When you have set up the security proxy server component, click Exit to close the wizard and save your settings. To make changes to the proxy server settings later, simply rerun the wizard.