FAQ

Most Popular

Load More

Latest

We strongly recommend to access the Muse Proxy service securely over HTTPS. This is required because almost all content vendor platforms accessed through Muse Proxy rewriting are using the secure protocol, and the same level of security must be matched by Muse Proxy as well. Furthermore, the rewriting of some platforms may not work without https:// access. For this purpose, a wildcard SSL certificate from a trusted Certificate Authority must be configured in Muse Proxy. By default Muse Proxy comes with a self-signed certificate, the default port for https:// access is 9443. For production systems we recommend using the standard port 443. Because Muse Proxy is a Java application, the SSL related items, Private key and Certificate must be stored in a Java standard KeyStore file type. In the Java KeyStore format the Certificate and Private Key are grouped in a single Key Pair with a password, and the KeyStore itself is also having a password. For simplicity reasons there should be a single Key Pair in the KeyStore and the Key Pair must have the same password as the KeyStore. Starting with Muse Proxy version 5.1 Build 02, it is possible to manage the keystores from the Muse Proxy Administrator Console, thus operations like certificate renewal or configuring the certificate for the first time can be done from the console. In all cases, either it is a renewal or a first time configuration, the steps are mainly the same:
  1. Create a new keystore;
  2. Assign the newly created keystore;
  3. Restart the Muse Proxy service.
Important: Both the certificate as obtained from the CA and private key must be in DER or PEM formats. The private key must be unencrypted. The steps are detailed below. 1) Create a new keystore
  • Access the Muse proxy Administrator Console at URL: https://{MuseProxyHost}:{MuseProxySSLPort}/admin/ where {MuseProxyHost} is the proxy Host Name and {MuseProxySSLPort} is the value of the SSL_PORT field from ${MUSE_HOME}/proxy/MuseProxy.xml configuration file (default is 9443). If the value of {MuseProxySSLPort} is 443 (default value for HTTPS connections) then this can be omitted from the URL. If it is the first CA signed SSL certificate assignment, you will get a browser security warning about the selfsigned certificate like “Your connection isn’t private”, access the “Continue” link.
  • Select from the left menu “Server KeyStores” option to expand, then “Available KeyStores“. Click on “Create” button;
  • In the new page are available 3 methods for creating a new keystore, the first one is for creating with a selfsigned certificate, this method must be used only for test purposes, not in production. The other two methods are further described, use only one of them , which suits you best.
    • KeyStore by Key Pair Import. In the “KeyStore details” section provide the filename with which the keystore will be saved on disk and the password to be set for the keystore. In the “Certificate” section the certificate and unencrypted private key must be provided, either by pasting their content, PEM format, or by uploading them as files in PEM or DER formats. A sample picture is provided below. Click the “Import” button when all inputs are filled in with the proper content. Upon success you should get a notification popup like below:
    • KeyStore by Upload. This assumes the keystore file is already available, created externally by using the JDK command line tool – keytool or through a dedicated certificates handling software like CERTivity® KeyStores Manager. More details on how to generate the keystore file externally can be found in the Muse Proxy Advanced Configuration.pdf manual, chapter 2.3 SSL KeyStore File. When uploading it, the keystore password is requested, and the name with which to be saved on disk, if different.
2) Assign the newly created keystore
  • Select from the left menu “Server KeyStores” option to expand, then “Assigned KeyStores“;
  • In the assigned keystores page, the current keystore in use is displayed:
  • Click the “Edit” icon from the “Action” row and in the editing dialog, select the new keystore from the “Available KeyStores” dropdown.
  • Click the “Save” button.
3) Restart the Muse Proxy service from the server’s console, e.g. on a Windows based server from the Services Management Console, on a Linux server by issuing a stop command (/etc/init.d/museproxy stop) and a minute late the start command (/etc/init.d/museproxy start).   When done, you can verify the new certificate by accessing in a browser the Muse Proxy service on https://. The browser will issue warnings if the SSL connection is not secure. To view the certificate details, locate and click the padlock next to the URL, the next steps depend on the browser as they are different depending on the browser. You can refer here to an online article for the exact steps to view the SSL certificate details in every well known browser.

We encountered cases on some Windows distributions when the Muse Proxy Windows Service fails to start, usually an error like below can be found in the Windows Event Viewer:

“The LoadLibrary function failed for the following reason: The specified module could not be found.”

The fix consists in adding into the Path system environment variable the path to the Java bin folder. For example, if your Java installation folder is

C:\Program Files\Java\jdk1.8.0_73

then add the following string to the beginning of the value for the Path environment variable:

C:\Program Files\Java\jdk1.8.0_73\bin;

Note that the separator between the entries from the Path variable is the semicolon (;) .
Details for how to update the Path variable for some Windows distributions can be found here:

http://www.java.com/en/download/help/path.xml

After doing this, start the Muse Proxy Service from the Windows Services management console
or by typing in a command prompt window the following command:

net start “Muse Proxy Server”

Certain kinds of Antivirus software automatically change the extension when downloading a file with exe extension via HTTP (eg. muse-win32.exe is renamed to muse-win32.1.2D0D17.efw). You should just rename the file to muse-win32.exe and run the executable.

More details about the .efw extension are available here: http://www.fileinfo.net/extension/efw

One can specify an IP address for Muse Proxy to listen on for connections. By default, Muse Proxy listens on all IP addresses, on all interfaces.

This setting can be changed in the ${MUSE_HOME}/proxy/MuseProxy.xml file by specifying an IP address in the "" field.

For Muse Proxy service to correctly work on Windows 64-bit systems you must install Muse Proxy either using the muse-proxy-setup.jar file or the executable file (muse-proxy-win32.exe). In the latter case you must set JAVA_HOME environment variable to the location of the 64-bit Java.

If no JAVA_HOME is defined and there are both 32-bit JAVA and 64-bit JAVA when installing Muse Proxy using muse-proxy-win32.exe file, then 32-bit JAVA will be used and Muse Proxy Service will not work correctly.

If JAVA_HOME is set to the location of the 64-bit JAVA and there are both 32-bit JAVA and 64-bit JAVA, then the JAVA used will be 64-bit JAVA, thus the services will work correctly.

Load More