To disable TLS for NFM-P XML API clients

Purpose

The following steps describe how to disable TLS for all XML API clients in order to support OSS clients in a non-secure environment.

Note: Disabling TLS on the XML API also disables TLS for all clients that use the XML API, and for NFM-P GUI clients. Browser-based clients are unaffected, and must use HTTPS for access.

Note: Disabling TLS on the XML API disables the REST API, which can operate only when secured using TLS.

CAUTION 

CAUTION

Service Disruption

Performing the procedure involves stopping and starting each main server, which is service-affecting.

You must perform the procedure only during a scheduled maintenance period of low network activity.

Note: You require the following user privileges on the main server station:

Note: The Bash shell is the supported command shell for RHEL CLI operations.

Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:

Steps
 

Perform the following steps on each main server station to stop the main server.

Note: In a redundant system, you must stop the standby main server first.

  1. Log in to the main server station as the nsp user.

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch to the root user:

    bash$ su ↵

  6. If the NFM-P is not part of a shared-mode NSP deployment, enter the following to display the nspOS service status:

    nspdctl status ↵

    Information like the following is displayed.

    Mode:     redundancy_mode

    Role:     redundancy_role

    DC-Role:  dc_role

    DC-Name:  dc_name

    Registry: IP_address:port

    State:    stopped

    Uptime:   0s

    SERVICE           STATUS

    service_a         inactive

    service_b         inactive

    service_c         inactive

    You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.


When the main servers are stopped, perform the following on each main server station.

  1. Enter the following:

    samconfig -m main ↵

    The following is displayed:

    Start processing command line inputs...

    <main>

  2. Enter the following:

    <main> configure oss no secure back ↵

    The prompt changes to <main configure>.

  3. Enter the following:

    <main configure> back ↵

    The prompt changes to <main>.

  4. Enter the following:

    <main> apply ↵

    The configuration is applied.

  5. Enter the following:

    <main> exit ↵

    The samconfig utility closes.


Perform the following on each main server station to start the main server.

Note: In a redundant system, you must start the primary main server first.

  1. Enter the following to switch back to the nsp user:

    exit ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash start ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


Close the console window.


On each XML API client station, modify the URL that the client uses to reach the main server.

  1. Change https: to http:.

  2. Change the URL port value from 8443 to 8080.

End of steps