Versions Compared

Version Old Version 20 New Version 21
Changes made by

MS (Unlicensed)

MS (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You will need to convert your remote RS cert to PCKS12 format. Remember to use the domain name of your own remote RS server.

Code Block
breakoutModefull-width
openssl pkcs12 -export -in myremoters.bcn.abiquo.com.crt -inkey myremoters.bcn.abiquo.com.key -name myremoters.bcn.abiquo.com -out import_cert_key

...

Import the certificate into the RS keystore that Tomcat will use. Remember to use your password and keystore name

Code Block
breakoutModefull-width
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

...

Convert your certificate to PKCS12 format:

Code Block
breakoutModefull-width
openssl pkcs12 -export -in myapiserver.bcn.abiquo.com.crt -inkey myapiserver.bcn.abiquo.com.key -name myapiserver.bcn.abiquo.com -out import_cert_key

Import it to your .jks keystore file:

Code Block
breakoutModefull-width
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

...

Also configure the other parameters according to your environment.

Code Block
breakoutModefull-width
<Service name="Catalina">

        <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8009" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com"
           clientAuth="false" secretrequired="false" 
           sslProtocol="TLS"/>

...

For example, for the default cacerts keystore in a test environment.

Code Block
breakoutModefull-width
keytool -import -trustcacerts -alias myremoters.bcn.abiquo.com -file /etc/pki/abiquo/myremoters.bcn.abiquo.crt -cacerts

If you are using your own keystore on the API server, use the -keystore option to specify it.

...

Enable SSL proxy for Apache

...

At this point all configurations are done. Restart both abiquo-tomcat services where changes have been made (in this scenario, remote RS and Abiquo Server).

If you are using a self-signed certificate in a test environment, accept the remote RS certificates.
In your browser, open a connection to the remote RS server using the port. In our example, this would be: https://remoters.bcn.abiquo.com:8009/
Then go to Advanced and accept the risk.

Log in to Abiquo as a cloud administrator and add your remote RS using the HTTPS protocol.

...