...
In some scenarios you might want to use secure communications between an Abiquo Server and a remote datacenter running an Abiquo Remote Services appliance (for instance they might communicate over the Internet). In this case it's advisable to secure your Tomcat communications.
Define a new HTTPS connector in remote RS Catalina
Changing the connector
Replace your current remote RS catalina connector in:
...
Have in mind you will have to point to a keystore and also configure the rest of parameters accordingly.
Importing the certificates
Remote RS
You will need to convert your remote RS certs to PCKS12 format
...
| Code Block |
|---|
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12 |
Abiquo Server
Import the remote RS certificate into API server that is going to connect to the remote RS via HTTPS:
| Code Block |
|---|
keytool -import -trustcacerts -alias myremoters.bcn.abiquo.com -file /etc/pki/abiquo/myremoters.bcn.abiquo.crt -keystore cacert |
Enable SSL proxy for Apache
You might need to enable SSL proxy for Apache, for AM connections to work through SSL, for it, add this config in your apache virtualhost config:
| Code Block |
|---|
####APACHE SSL PROXY########## SSLProxyEngine On SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off ############################## |
Apply and verify
At this point all configurations are done. You should restart both abiquo-tomcat services where changes have been made (in this scenario, remote RS and Abiquo Server).
...