Versions Compared

Version Old Version 18 New Version 19
Changes made by

MS

MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

Change our example values to the values for your environment.

For example, replace “myremoters.bcn.abiquo.com” with the domain name of your remote RS server.

And remplace “remoters.jks” with the name of your server keystore.

...

Import certificates on Remote RS

You will need to convert your remote RS cert to PCKS12 format. Remember to use the domain name of your own remote RS server.

Code Block
openssl pkcs12 -export -in myremoters.bcn.abiquo.com.crt -inkey myremoters.bcn.abiquo.com.key -name myremoters.bcn.abiquo.com -out import_cert_key

Create a .jks keystore. For a basic test environment, you can use the command below and use the name of your remote RS server

Note

For a production environment, you must configure the keystore according to advice from your Security team

Code Block
keytool -genkey -keyalg RSA -keystore remoters.jks -keysize 2048

Import the certificate into the RS keystore that Tomcat will use. Remember to use your password and keystore name

Code Block
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

...

Import API server certificate to remote RS server

In the remote RS server’s .jks keystore, there should also be an entry for API server.

Copy the API server certificate to the remote RS server.

Import it in the same way as the RS server certificate in the previous steps.

Convert your certificate to PKCS12 format:

Code Block
openssl pkcs12 -export -in myapiserver.bcn.abiquo.com.crt -inkey myapiserver.bcn.abiquo.com.key -name myapiserver.bcn.abiquo.com -out import_cert_key

Import it to your .jks keystore file:

Code Block
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

...

Verify API server location path on remote RS server

On remote RS server, check in the abiquo properties file at:

Code Block
/opt/abiquo/config/abiquo.properties

Check the abiquo.server.api.location property.

The value should contain “https” and no port number.

For example, https://myapiserver.bcn.abiquo.com/api.

...

Define a new HTTPS connector in remote RS Catalina

Log in to On the remote RS as an administrator.Edit server, edit the Tomcat server configuration file at:

...

Code Block
<Service name="Catalina">

        <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8009" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com"
           clientAuth="false" secretrequired="false" 
           sslProtocol="TLS"/>

...

Import

...

remote RS

...

Code Block
openssl pkcs12 -export -in myremoters.bcn.abiquo.com.crt -inkey myremoters.bcn.abiquo.com.key -name myremoters.bcn.abiquo.com -out import_cert_key

Create a .jks keystore. For a basic test environment, you can use the command below and use the name of your remote RS server

Note

For a production environment, you must configure the keystore according to advice from your Security team

Code Block
keytool -genkey -keyalg RSA -keystore remoters.jks -keysize 2048

Import the certificate into the RS keystore that Tomcat will use. Remember to use your password and keystore name

Code Block
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

Import remote RS certificates on Abiquo server

...

Code Block
####APACHE SSL PROXY##########
  SSLProxyEngine On
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  ##############################

Import API server certificate to remote RS server

In the remote RS server’s .jks keystore, there should also be an entry for API server.

Copy the API server certificate to the remote RS server.

Import it in the same way as the RS server certificate in the previous steps.

Convert your certificate to PKCS12 format:

Code Block
openssl pkcs12 -export -in myapiserver.bcn.abiquo.com.crt -inkey myapiserver.bcn.abiquo.com.key -name myapiserver.bcn.abiquo.com -out import_cert_key

Import it to your .jks keystore file:

Code Block
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

Verify API server location path on remote RS server

On remote RS server, check in the abiquo properties file at:

Code Block
/opt/abiquo/config/abiquo.properties

Check the abiquo.server.api.location property.

The value should contain “https” and no port number.

...

...
Apply and verify
At this point all configurations are done. Restart both abiquo-tomcat services where changes have been made (in this scenario, remote RS and Abiquo Server).
...