Advanced Alerting Configuration
      Back to home
      1. ProTop Knowledge Base
      2. Advanced Alerting Configuration

      SSL / Secure Socket Layer for ProTop

      How to configure ProTop to communicate over SSL.

      Requirements:
      • Hashed certificate file from the server you want to communicate with via SSL in $PROTOP/certs - delivered with ProTop
      • $PROTOP/bin/localenv[.bat] containing the line:  export PORTALPORT=443
      • $PROTOP/bin/localenv[.bat] containing the line:  export PORTALOPTIONS='-ssl -nohostverify'
      • $PROTOP/etc/[custid].pf containing the line: -certstorepath [PROTOPDIR]/certs

      All OSes 

      NOTE: On Windows, where you see "export" below, replace it with "set"

      1. Add to [PROTOPDIR]/bin/localenv (copy bin/localenv[bat].x to bin/localenv[.bat] if not present):

      export PORTALPORT=443
      export PORTALOPTIONS='-ssl -nohostverify'

      Ex:

      2. Add to [PROTOPDIR/etc/[custId].pf:

      -certstorepath [PROTOPDIR]/certs

      Ex:

      3. Close your terminal session and start another to clear your environment variables.

      4. Restart ProTop

      5. Verify alerts/data is again flowing to the Portal.

      Troubleshooting

      1. Set ProTop debug level to 5 using pt3agent.[resrc].dbg in Protop’s tmp directory:

      cd [PROTOPDIR]/tmp
      echo 5 > pt3agent.proddb.dbg

      2. Restart ProTop

      3. Then review $PROTOP/log/pt3agent.[resrc].log file for error messages.

      Common problem:

      Can’t find issuer certificate:

      2020/08/06 22:50:28.790-04:00 0 Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for xxxxxxxx.0 in <path>/certs (9318)
      2020/08/06 22:50:28.791-04:00 9407 Connection failure for host <dashboard> port 443 transport TCP. (9407)
      2020/08/06 22:50:28.791-04:00 newSocket: Connection to HTTP server: <dashboard> port 443 is unavailable.

      Solution:

      1. Ensure the certificate file exists in [path]/certs and has the required permissions
      2. Make sure -certstorepath [path to certificate] is valid in [PROTOPDIR]/etc/[custid].pf or [etc]/friendlyName.pf]
      3. If the portal uses more than one certificate, you may need to place all of the portal’s certificates individually in ProTop’s certs directory.  Save each BEGIN...END in the bundle.crt above into its own file, hash and save each to your certs directory
      4.  Potential workaround:  Place copies of the portal certificates in your $DLC/certs directory