Our DMS (one failover pair) is IP address based, so no hostnames are in place. We use IP addresses only at this moment.
I have configured https as per the user guide with a self-signed certificate that lists the VIP IP address (and the other IP addresses of that server) in the SAN. The CN configured is the primary IP address of the server. At first I kept the http binding in place too. With that configured I can properly connect from a WEB client over https. The Cube app works well.
Secondly I removed the http binding. The WEB still works OK, but now I can’t connect with cube app.
I noticed that a previously opened cube app (one opened and logged in before the http binding removal) is working fine and interacts normally with the DMS.
So it seems the cube app uses http in the initial stage (probably downloading the actual version). How can I change this initial cube communication to https so the cube app will work well?
Hi Bert, Robin,
both answers were very useful. Indeed, in the newer Cube I'm able to force HTTPS. First I got the warning saying the certificate is not trusted, as shown above. After importing the server certificate among the trusted certificates on the client side, I'm able to connect over https with Cube.
Surely a certificate signed by a trusted authority would be preferred, but this way I was able to prove the concept.
Many thanks.
Hi Miloš,
If you are on a recent version of the Cube Launcher, you can modify the settings for the button and select "HTTPS only" as the transport.
Alternatively, you can add the button again. In the dialog, it will be checked if HTTPS is working correctly and if so, the new button will be added with the "HTTPS only" option. If not, you will be able to see details about what is wrong with the HTTPS configuration.
Hi Milos!
Normally the FQDNs are used, but if the certificate holds the (V)IPs of the agents, that should be fine.
Do you only have this issue when connecting to the VIP? Or do you have the same when connecting to the agents themselves?
Did you have a look at DM Docs - Specifying auto-detection information for an inter-DMA HTTPS connection? It sounds similar to your issue, so it might just be your solution.
Hi Robin,
I’m keeping the http binding for now, so the autodetection shouldn’t be impacted. If we disable http in the future, we will consider this aspect. Thanks.
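
Added example (not part of the original thread and not DataMiner code): a check of which addresses an IP-only certificate like the one described in the question actually covers, using the standard HTTPS rule that a client connecting by IP address matches only IP-type SAN entries and does not fall back to the CN. The addresses and the certificate dict (in the shape returned by Python's `ssl.SSLSocket.getpeercert()`) are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "192.0.2.11"),),),
    "subjectAltName": (
        ("IP Address", "192.0.2.10"),  # VIP
        ("IP Address", "192.0.2.11"),  # agent 1 (also the CN)
        ("DNS", "192.0.2.12"),         # agent 2, mistakenly entered as a DNS name
    ),
}

def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_covers(cert, target):
    """True if the address or hostname a client connects to is covered by the SAN."""
    target_ip = _as_ip(target)
    for kind, value in cert.get("subjectAltName", ()):
        if target_ip is not None:
            # IP targets match only IP-type entries, compared as addresses.
            if kind == "IP Address" and _as_ip(value) == target_ip:
                return True
        elif kind == "DNS" and value.lower().rstrip(".") == target.lower().rstrip("."):
            return True  # exact match only; wildcards are out of scope here
    return False

def audit(cert, targets):
    """Map each target to 'ok' or to the reason a validating client would reject it."""
    sans = cert.get("subjectAltName", ())
    report = {}
    for t in targets:
        if san_covers(cert, t):
            report[t] = "ok"
        elif _as_ip(t) is not None and any(k == "DNS" and _as_ip(v) == _as_ip(t) for k, v in sans):
            report[t] = "listed as DNS entry, not IP"
        else:
            report[t] = "not in SAN"
    return report

if __name__ == "__main__":
    targets = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    for target, status in audit(SAMPLE_CERT, targets).items():
        print(f"{target}: {status}")
```

To run the same check against a live server, pass the dict from `getpeercert()` on a verified connection in place of `SAMPLE_CERT`.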