Set Up Transport Security
VTune Profiler Server web site is accessible via encrypted HTTPS connection. HTTPS requires a Transport Layer Security (TLS) certificate. Depending on your
deployment mode, you can use different types of TLS certificates.
Self-Signed TLS Certificate
The self-signed certificate is automatically generated when the VTune Profiler Server is started. No additional actions are required from the user who starts the server, but the web browser will provide a warning that the server certificate is not trusted and will ask for a confirmation to proceed.
Signed TLS Certificate
You are recommended to use properly signed TLS certificates so that web browsers automatically validate authenticity of the VTune Profiler Server. Such certificate should be provisioned by your company IT department.
To set up the transport security, the Admin should follow these steps:
- Provide the signed TLS certificate to users of the VTune Profiler Server.Make sure to include the VTune Profiler Server DNS name to eitherCommon NameorAlternative Domain Names.For example, if the URL to access the VTune Profiler Server ishttps://vtune.lab01.myorg.com, the TLS certificateCommon Nameshould bevtune.lab01.myorg.com, orvtune.lab01.myorg.comshould be included intoAlternative Domain Names.
- Start the VTune Profiler Server as follows:vtune-backend --tls-certificate /path/to/vtune.lab01.myorg.com.pfx --tls-certificate-password-path /path/to/cert_password.txtYou can also enter the certificate password interactively by using the--tls-certificate-passwordoption instead of--tls-certificate-password-path. In this case, the VTune Profiler Server will prompt to enter the password:vtune-backend --tls-certificate /path/to/vtune.lab01.myorg.com.pfx --tls-certificate-password Certificate password:If the certificate private key is stored in a separate file, use the--tls-certificate-keyoption:vtune-backend --tls-certificate /path/to/vtune.lab01.myorg.com.crt --tls-certificate-key /path/to/vtune.lab01.myorg.com.key