COP Security enhancement for Monitor/SOP communication
    • Dark
    • PDF

    COP Security enhancement for Monitor/SOP communication

    • Dark
    • PDF

    Article summary

    For ControlUp On-Premises (COP) version 8.7 and all higher versions, you must use a JSON Web Token (JWT) to connect any ControlUp Monitor to Solve On-Premises (SOP). The following article walks you through the steps required to implement this security feature.

    • Several private keys are created when you create a new SOP appliance.
      Each SOP appliance generates dedicated unique keys that are only valid for the appliance they are generated on.
    • The keys are stored in a file on the SOP server machine and must be imported to the COP server.
    • The keys are used to create dedicated JWT tokens to apply when connecting to Solve.
    • Without a valid import, you can't access Solve.

    How to import JWT to COP

    Step 1. Download the JWT from the SOP Server

    Connect to the SOP server with the cuadmin user via SSH, switch to the root user with sudo -i, and navigate to /opt/sib_volumes/sop-cert.
    You can copy the JSON file to the COP server using WinSCP or any other file transfer software.

    Alternatively, if you have PuTTY installed on your computer, open the file with the following command and mark the content to automatically copy the content to your clipboard.

    cat /opt/sib_volumes/sop-cert/sop_YYYMMDDhhmm.json

    Step 2. Apply the JWT keys on the ControlUp Server

    Once you copied the JSON file to your COP server, open the COP server configuration by right-clicking ControlUp Server > Change. Select Solve On-Premises Configuration and browse the JSON file you copied from your SOP server.

    The file will be validated, in case of any issue an explicit error will display. After importing the JSON file, you can use Solve On-Premises as usual.

    How Can I Generate a New JWT?

    On the SOP server, run the script /opt/scripts/

    Copy the newly generated JWT to the COP server and import the json file, as explained above.

    Where Is The JWT Stored?

    The encrypted private key is stored on the COP server in the registry key HKLM\SOFTWARE\Smart-X\ControlUpServer\SOLVE


    • ServerName
    • Port
    • JwtTokenKey
    • JwtKeyString
    • JwtIVString

    The JWT keys will be stored after encryption with the SHA256 algorithm.

    Was this article helpful?