Set Up Transport Security
VTune Profiler Server web site is accessible via encrypted HTTPS connection. HTTPS requires a Transport Layer Security (TLS) certificate. Depending on your deployment mode, you can use different types of TLS certificates.
Self-Signed TLS Certificate
The self-signed certificate is automatically generated when the VTune Profiler Server is started. No additional actions are required from the user who starts the server, but the web browser will provide a warning that the server certificate is not trusted and will ask for a confirmation to proceed.
Signed TLS Certificate
You are recommended to use properly signed TLS certificates so that web browsers automatically validate authenticity of the VTune Profiler Server. Such certificate should be provisioned by your company IT department.
To set up the transport security, the Admin should follow these steps:
Provide the signed TLS certificate to users of the VTune Profiler Server.
Make sure to include the VTune Profiler Server DNS name to either Common Name or Alternative Domain Names.
For example, if the URL to access the VTune Profiler Server is https://vtune.lab01.myorg.com, the TLS certificate Common Name should be vtune.lab01.myorg.com, or vtune.lab01.myorg.com should be included into Alternative Domain Names.
Start the VTune Profiler Server as follows:
vtune-backend --tls-certificate /path/to/vtune.lab01.myorg.com.pfx --tls-certificate-password-path /path/to/cert_password.txt
You can also enter the certificate password interactively by using the --tls-certificate-password option instead of --tls-certificate-password-path. In this case, the VTune Profiler Server will prompt to enter the password:
vtune-backend --tls-certificate /path/to/vtune.lab01.myorg.com.pfx --tls-certificate-password Certificate password:
If the certificate private key is stored in a separate file, use the --tls-certificate-key option:
vtune-backend --tls-certificate /path/to/vtune.lab01.myorg.com.crt --tls-certificate-key /path/to/vtune.lab01.myorg.com.key