...
Log in to the Remote Services server as an administrator
Go to the
/etc/pki/tls/folderCopy your self-signed Remote Services certificate (and API certificate(s)), or wildcard certificate to the
certsfolder and your private key to theprivatefolderConvert your certificates to PCKS12 format. For a wildcard certificate, do this for each server and enter its fully qualified domain name.
For the Remote services server, replace
${DOMAINCERT_NAME}with your certificate name and replace${REMOTE_SERVICES_FQDN}with the domain name of your remote RS server.Code Block openssl pkcs12 -export -in ${DOMAINCERT_NAME}.crt -inkey ${DOMAINCERT_NAME}.key -name ${REMOTE_SERVICES_FQDN} -out import_cert_key_rsFor the API server, replace
${DOMAINCERT_NAME}with your certificate name and replace${ABIQUO_SERVER_FQDN}with the domain name of your Abiquo API server.Code Block openssl pkcs12 -export -in ${DOMAINCERT_NAME}.crt -inkey ${DOMAINCERT_NAME}.key -name ${API_SERVER_FQDN} -out import_cert_key_server
Go to the
/opt/abiquo/tomcat/conffolderCreate a
.jkskeystore with the same name as the hostname of your Remote services server.
This keystore configuration is suitable for a test environment onlyCode Block keytool -genkey -keyalg RSA -keystore {REMOTE_SERVICES}.jks -keysize 2048Import the Remote services certificate into the keystore for Tomcat to use
Code Block keytool -importkeystore -deststorepass changeit -destkeystore ${REMOTE_SERVICES}.jks -srckeystore import_cert_key_rs -srcstoretype PKCS12Import the API server certificate into the keystore for Tomcat to use
Code Block keytool -importkeystore -deststorepass changeit -destkeystore ${REMOTE_SERVICES}.jks -srckeystore import_cert_key_server -srcstoretype PKCS12
...
| Code Block |
|---|
keytool -import -trustcacerts -alias ${REMOTE_SERVICES_FQDN} -file /etc/pki/abiquo/${DOMAINCERT_NAME}.crt -cacerts |
If you are using a self-signed certificate, also import your CA certificate.
...