Home
Installation, Deployment, and Upgrade
Installing Unica Discover involves planning and preparing your environment, installing and configuring prerequisite software, obtaining the Unica Discover installation files, and running the Unica Discover installer.
Discover Network Capture Application Manual
SSL Keys
For decrypting transmissions by using the SSL protocol, the Unica Discover Network Capture Application must be provided the SSL keys in use in the transaction stream.
Generating a Self-Signed Certificate
To generate a self-signed certificate, you must use the openssl utility to generate a private key and a self-signed certificate for that key.

Installation, Deployment, and Upgrade
Installing Unica Discover involves planning and preparing your environment, installing and configuring prerequisite software, obtaining the Unica Discover installation files, and running the Unica Discover installer.
- Installation and Deployment Manual
- Discover Network Capture Application Manual
  - Discover Network Capture Application Overview
    Network Capture Application from Discover captures and records the complete interaction between the visitor and the web application environment by using a network tap or network switch spanning port. The Network Capture Application software features the following benefits:
  - Installing the Network Capture Application
    The following instructions can be used to assist the installation of your Network Capture Application software.
  - Configuring the DNCA
    The Unica Discover Network Capture Application can be configured through a web-based console or through the configuration files that are stored on the DNCA server. The following information guides you on how to configure the DNCA.
  - Upgrade for DNCA
    It is recommended that you always use the latest version of the Unica Discover Network Capture Application suitable for your version of Unica Discover.
  - Packet Forwarder Overview
    The Packet Forwarder is used to capture and forward hits to a cloud-based DNCA that is operating on a virtual machine.
  - SSL Keys
    For decrypting transmissions by using the SSL protocol, the Unica Discover Network Capture Application must be provided the SSL keys in use in the transaction stream.
    - Encrypted SSL Key Setup
      To decrypt SSL connections, customers must provide the DNCA software with their valid SSL keys.
    - Exporting the SSL private key
      In cases where web application traffic is transmitted over HTTPS, the DNCA software must be configured to decrypt the SSL connections. This configuration requires exporting a copy of the private key from an existing web server to the DNCA software.
    - Generating a Self-Signed Certificate
      To generate a self-signed certificate, you must use the openssl utility to generate a private key and a self-signed certificate for that key.
      - Using SHA-2 algorithm to generate the self-signed certificate
        By default, the openssl command uses the SHA-1 algorithm to generate the self-signed certificate on the DNCA.
  - Performance Measurement
    Performance measurement provides details on the Network Capture software performance and timestamp measurements.
  - Configuring DNCA on Red Hat Enterprise Linux™ (RHEL)
    The following sections contain important information for configuring DNCA in a Red Hat Enterprise Linux™ environment:
  - DNCA monitoring
    You can monitor the passive capturing to diagnose performance issues.
  - Overview of DNCA maintenance
    The maintenance utility performs routine maintenance and logging tasks for Discover DNCA. You can use the utility to help maintain the ability of the DNCA to perform DNCA.
  - DNCA frequently asked questions (FAQ)
    The following content contains frequently asked questions or scenarios that can be used to help isolate or fix an issue with your Network Capture Application.
  - Downloading Privacy Configuration
  - Enabling web console access through a single IP address
    You can specify a single IP address which can access the web console. Limiting access to a single IP address helps to prevent unauthorized access through an unknown system.
  - Applying authentication when accessing the web console
    You can improve security by enabling authentication to the web console.
- Unica Discover Session Archiving Installation Guide
  As you prepare for an installation, you need to gather some items, review hardware and software requirements, and then you can perform the installation.
- Discover Upgrade Manual

Generating a Self-Signed Certificate

To generate a self-signed certificate, you must use the openssl utility to generate a private key and a self-signed certificate for that key.

About this task

The Discover-DNCA package provides the openssl utility in the directory /usr/local/dncauser/bin.

The following steps assume that you logged in to the DNCA host machine as user root. To generate a self-signed certificate:

Procedure

Generate the private key. The following example generates a 2048-bit RSA key file named example.key:
```
/usr/local/dncauser/bin/openssl genrsa -out example.key 2048
```
Generate the self-signed certificate. The following example generates a self-signed certificate file named example.crt by using the private-key file example.key generated in step 1. With option -days 365, the certificate is valid for the next 365 days (one year):
```
/usr/local/dncauser/bin/openssl req -x509 -days 365 -newkey rsa:2048 -key \
  example.key -out example.crt
```
The openssl req command interactively prompts for various values. The following table displays the prompts and sample replies:

Prompt

Sample Reply

Country Name (2 letter code)

US

State or Province Name (full name)

California

Locality Name (for example, city)

San Francisco

Organization Name (for example, company)

Unica Discover

Organizational Unit Name (for example, section)

Release Engineering

Common Name (for example, YOUR name)

DNCA.Discover.com

Email Address

root@DNCA.Discover.com

The common name must be the fully qualified DNS name of the DNCA host machine. If the host machine does not have a DNS name that is assigned to it, then use the IP address of the machine.
Now, set the appropriate file ownership and permissions:
1. All private key files must be readable only by the user account that needs read access to the file. The following chmod and chown commands set the ownership and permissions so that only the capture processes running as user dncauser can access file example.key:
```
chmod go= example.key
chown dncauser example.key
```
2. Place the files in a directory accessible by the user account. For certificate and key files that are used by the Network Capture software, place the files in directory /usr/local/dncauser/etc.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.