...

Replace your current remote RS catalina connector in:

Code Block
/opt/abiquo/tomcat/conf/server.xml


Use your own keystore and configure the parameters in the following connector.

Code Block
<Service name="Catalina">

        <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8009" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com"
           clientAuth="false" secretrequired="false" 
           sslProtocol="TLS"/>

...

...

Import certificates on Remote RS

You will need to convert your remote RS certs to PKCS12 format.

Code Block
openssl pkcs12 -export -in myremoters.bcn.abiquo.com.crt -inkey myremoters.bcn.abiquo.com.key -name myremoters.bcn.abiquo.com -out import_cert_key

Import it into the keystore that Tomcat is going to use:

Code Block
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

If you need to create a .jks keystore, you can do it with the following command.

Code Block
keytool -genkey -keyalg RSA -keystore remoters.jks -keysize 2048

...

Import Remote RS certificates on Abiquo server

On the API server that will connect to the Remote RS via HTTPS, import the remote RS certificate:

Code Block
keytool -import -trustcacerts -alias myremoters.bcn.abiquo.com -file /etc/pki/abiquo/myremoters.bcn.abiquo.crt -keystore cacerts

...

Enable SSL proxy for Apache

For AM connections to work with TLS (for template upload and download), check or enable SSL proxy for Apache.
To do this, add the following config to your Apache virtualhost config:

Code Block
  ####APACHE SSL PROXY##########
  SSLProxyEngine On
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  ##############################
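
The block above sets SSLProxyVerify none and turns SSLProxyCheckPeerName and SSLProxyCheckPeerExpire off, so Apache does not validate the remote RS certificate. The following shell pre-flight is an added example, not part of the original page or of Abiquo's tooling: it uses openssl to report whether the remote RS certificate and key would pass those same checks. The function names, the CA file argument and the 30-day default are assumptions of this example; the certificate and key file names follow the ones used earlier on this page.

```shell
#!/usr/bin/env bash
# Added example: would the remote RS certificate pass the checks performed by
# SSLProxyVerify, SSLProxyCheckPeerName and SSLProxyCheckPeerExpire?
# Function names and the CA file argument are assumptions of this example.

# 0 if the certificate carries the public half of the private key
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid DAYS from now (peer expiry check)
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if a SAN entry (or the CN when there is no SAN) covers HOST (peer name check)
cert_names_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# 0 if the certificate chains to a CA in CAFILE (needed for "SSLProxyVerify require")
cert_chains_to() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# check LABEL COMMAND...: print one result line and count failures in $fails
check() {
  label=$1; shift
  if "$@"; then echo "ok   $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# preflight CERT KEY HOST CAFILE [MIN_DAYS]: returns the number of failed checks
preflight() {
  fails=0
  check "private key matches certificate" cert_matches_key "$1" "$2"
  check "valid for at least ${5:-30} more days" cert_valid_for_days "$1" "${5:-30}"
  check "certificate names $3" cert_names_host "$1" "$3"
  check "chains to a CA in $4" cert_chains_to "$1" "$4"
  return "$fails"
}

# Usage: ./preflight.sh myremoters.bcn.abiquo.com.crt myremoters.bcn.abiquo.com.key \
#          myremoters.bcn.abiquo.com ca.crt
if [ "$#" -ge 4 ]; then preflight "$@"; fi
```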

...

At this point all configurations are done. Restart both abiquo-tomcat services where changes have been made (in this scenario, remote RS and Abiquo Server).

You should now be able to add your remote RS using the HTTPS protocol.

For Tomcat TLS troubleshooting, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html