Versions Compared

Version Old Version 23 New Version 24
Changes made by

MS (Unlicensed)

MS (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

This page describes how to use TLS/HTTPS to secure communications between an Abiquo Server and a “remote Remote Services” (Remote Services server in a remote location, which is called a remote RS) server
. You can use this configuration when a Remote Services Server is in a remote datacenter and the Abiquo Server will communicate with it , for example, when communications are over the internet.

Warning

This document explains how to configure a test environment and it gives examples for a test environment.

When configuring your production environment, always follow the advice of your Security team.

...

Code Block
breakoutModefull-width
openssl pkcs12 -export -in myremoters.bcn.abiquo.com.crt -inkey myremoters.bcn.abiquo.com.key -name myremoters.bcn.abiquo.com -out import_cert_key

Create a .jks keystore. For a basic test environment, you can use the command below and use the name of your remote RS server.

...

Import the certificate into the RS keystore that Tomcat will use. Remember to use your password and keystore name.

Code Block
breakoutModefull-width
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

...

In the remote RS server’s .jks keystore, there should also be an entry for API server.

...

Code Block
breakoutModefull-width
openssl pkcs12 -export -in myapiserver.bcn.abiquo.com.crt -inkey myapiserver.bcn.abiquo.com.key -name myapiserver.bcn.abiquo.com -out import_cert_key

Import it to your .jks keystore file:

Code Block
breakoutModefull-width
keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

...

On remote RS server, check in the abiquo.properties file at:

Code Block
/opt/abiquo/config/abiquo.properties

...

The important values to change are:

  • keystoreFile - e.g. use the host name of your remote RS server

  • keystorePass - use a secure password

  • keyAlias - you must use the domain name of your remote RS server

Also configure the other parameters according to your environment.

...

For example, for the default cacerts keystore in a test environment.

...

Log in the API/UI server as an adminstratoradministrator.

Edit the Apache configuration at /etc/httpd/conf.d/abiquo.conf.

...

At this point all configurations are done. Restart both abiquo-tomcat services where changes have been made (in this scenario, remote RS and Abiquo Server).

...