We have Viewpoint v14 and unfortunately when users logon to the server, their passwords they use to connect to the viewpoint server is being sent in clear text. Our security folks are not happy. We went through the process to setup the SSL Configuration for Viewpoint to allow HTTPS communication, we were unable to disable the existing HTTP: connection option. If we logon through https:/ptservername version of our server the user passwords will connect, after a certificate error and their passwords are not in clear text. Unfortunately, there is nothing stopping the users from still using the old http:/ptservername connection, which still works and shows their passwords in clear text. Does anyone know how to rememdy this?
You can refer to the "Configuring All Teradata Viewpoint Access to be Over SSL" section of the Viewpoint Config guide, which states:
1 Log on to the Teradata Viewpoint server (Linux) as root.
2 Open /opt/teradata/viewpoint/portal/conf/web.xml.
3 Add the following XML block near the end of the file, immediately before the existing </
web-app> tag at the end of the file:
4 Save the web.xml file.
Thanks Stever. That is the exact process we followed and the new secured connection does work. Unfortunately, we just can see how to disable the old non-secured connection, which also works.
There were some addtional changes we tried, which I've listed below.
CONFIGURATION - PRD
I was looking through the knowledge base on Teradata’s website and found a fix to problems with SSL after an upgrade. Basically the server.xml and web.xml files were overwritten. They define how they should be written below.
I found these differences in our files: (You may have tried these and already put them back.)
we are missing the last line in red
<url-pattern>/c</url-pattern> we have a /* instead of /c
</security-constraint> our last line doesn’t have the forward slash
Once the files are edited; restart the Viewpoint service only. (/etc/init.d/viewpoint restart)
To determine if your Viewpoint server uses SSL you can review the server.xml and web.xml files. Sometimes only the server.xml file is edited, other times both the server.xml and web.xml files are edited.
<!-- Define the top level container in our container hierarchy -->
In order to fix the SSL configuration you need to do the following.
We made the changes listed above and the website would not come up at all, so I reverted it back.
There are improvements coming for this process in the next Viewpoint release. For now, this is the only feasible way to implement this. You can disable the HTTP connector on port 80 in the server.xml file, but then you don't get the redirect from HTTP to HTTPS and all users have to manually enter https://viewpoint.