REST API via HTTPS

Last post 10-29-2018, 2:01 AM by OzStu. 7 replies.
Sort Posts: Previous Next
  • REST API via HTTPS
    Posted: 08-14-2018, 1:24 AM

    Hi Folk,

     

    I've been playing (successfully) with REST to do various things, using HTTP on port 81.

    But is it possible to use HTTPS?  And which port would that use?

     

    Thanks in advance :)

     

    Stuart

  • Re: REST API via HTTPS
    Posted: 08-14-2018, 10:30 AM

    You can use the REST API both via Web Server on port 81 (HTTP), or you can also make the call through the Web Console as well via HTTPS, using /webconsole/api as the base URL, instead of the usual /SearchSvc/CVWebService.svc/.

    That way if the concern is making calls from an untrusted network segment into Commvault, you can make the call through the Web Console and only expose the Web Console in the DMZ, keeping the Web Server in a trusted network.

    Alternatively, if you do want to go for a zero trust network (HTTPS Everywhere), then you would have to change the port binding on IIS, add a SSL certificate and then modify the Web Console so it knows to use the web server on an alternative port - see http://documentation.commvault.com/commvault/v11/article?p=50488.htm for more details.

    Hope this helps!


    Cheers,
    Luke
    (@cv_skywalker)
  • Re: REST API via HTTPS
    Posted: 08-15-2018, 8:23 PM

    That should work :)


    But of course, we now run into problems with untrusted certificates.

     

    on a side note, do you know much about the PowerShell functions documented at the bottom of the API test page:

    https://api.commvault.com/#c37ef9fc-db1c-40ef-bf8f-a47250eaff52 

     

    (especially, if there is a CV module to download?)

     

    Cheers,


    Stuart Walker

  • Re: REST API via HTTPS
    Posted: 10-15-2018, 1:22 AM

    HI Luke,

     

    I've just tried to add HTTPS to the REST API web server (IIS) but it doesn't seem happy with using it for the App.

     

    I added the certificate to IIS, and added a binding on the console folder for port 8443 for https, but when I navigate to the address in chrome, I get the error:

     

    Server Error in '/SearchSvc' Application.


    The resource cannot be found.

    Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

    Requested URL: /SearchSvc/CVWebService.svc

     

     

    If I navigate to the URL for standard http (port 81) it says

    WebService is Running! Monday, October 15, 2018, 4:21:15 PM

     

    Is it possoble to run it under https?

     

    Cheers,Stuart

  • Re: REST API via HTTPS
    Posted: 10-15-2018, 9:07 AM

    To answer your previous point - yes, we do ship with a self-signed certificate for SSL but the way to solve that is to replace the certificate on your Web Console nodes with a certificate from a trusted Certificate Authority, whether Enterprise or 3rd-party.

    Example from live environment:

    https://www.dropbox.com/s/823d4dspc9keljy/Screen%20Shot%202018-10-15%20at%208.59.52%20AM.png?dl=0

    (image upload broken for some reason, so here have this link instead)

    As for putting SSL on the Web Server, instead of the front-end Web Console nodes, let me look deeper into it - it should have accepted the change but clearly I'm missing something here.  I'll let you know what I find out shortly.


    Cheers,
    Luke
    (@cv_skywalker)
  • Re: REST API via HTTPS
    Posted: 10-15-2018, 7:32 PM

    THanks Luke :)

     

    I'm about to tackle the Tomcat cert too, I don't fully understand all the components, but the instructions seem detailed :) (I thought the IIS cert would be simple!)

  • Re: REST API via HTTPS
    Posted: 10-17-2018, 9:59 AM

    Hi OzStu,

    You should only need one extra step after the cert you've installed into IIS - you will need to redefine the BaseUrl setting on each Web Console (apply directly, or at Client Computer Group level).

    Name:  baseUrl

    Category: WebConsole

    Type: STRING

    Value:  https://webservername:81/SearchSvc/CVWebService.svc/

    ^^^ note I've set "https", not "http"

    Once set - restart Tomcat services on the Web Console node(s).

    If you're curious as to what it's set to now, have a quick look at the adminConsole.log - on startup it'll show its default entrys as loaded in from registry cache:

    sample:

      2 09/18 14:39:29    DEBUG LogbackConfigBase:log:81 -     WebConsole\baseUrl==[http://WEBSERVER1.xyz.internal:81/SearchSvc/CVWebService.svc/] <from registry cache batch-load>


    Cheers,
    Luke
    (@cv_skywalker)
  • Re: REST API via HTTPS
    Posted: 10-29-2018, 2:01 AM

    Hi Luke,

     

    Haven't had a chance to play with this earlier, but I'm still running into problems.  I'd really like to be 'https everywhere' but I can't seem to get the cert to work for the IIS instance. (I do have it working for the tomcat side though!)

    I couldn't actually modify the existing IIS binding to HTTPS, so I added another one as port 8443 with the new certificate (or do I have to delete the existing binding and put in  a new https binding for port 81?)

    I went in an added an "additional setting" for the the web server (it's all on the one VM)

     

    In the adminConsole.log it was originaly reporting:

    3 10/29 15:48:57    DEBUG LogbackConfigBase:log:81 -     WebConsole\baseUrl==[http://<webserver>:81/SearchSvc/CVWebService.svc/] <from registry cache batch-load>

     

    and after the setting it's now reporting:

    3 10/29 16:31:47    DEBUG LogbackConfigBase:log:81 -     WebConsole\baseUrl==
    [https://<webserver>:8443/SearchSvc/CVWebService.svc/] <from registry cache batch-load>

     

    and restarted all CV services, but the api interface is still reporting 

     

    Server Error in '/SearchSvc' Application.


    The resource cannot be found.

    Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

    Requested URL: /SearchSvc/CVWebService.svc

     

    Cheers,

    Stuart

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2019 Commvault | All Rights Reserved. | Legal | Privacy Policy