You are viewing an old version of this page (Version 14).


This page describes how to use TLS to secure communications between an Abiquo Server and a Remote Services server.

You can use this configuration when a Remote Services Server is in a remote datacenter and the Abiquo Server will communicate with it over the internet.

Define a new HTTPS connector in remote RS Catalina

Replace the current Catalina connector on your remote RS in:

/opt/abiquo/tomcat/conf/server.xml


Use your own keystore and set keystoreFile, keystorePass and keyAlias in the following connector to match it.

<Service name="Catalina">

        <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8009" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/opt/abiquo/tomcat/conf/remoters.jks" keystorePass="changeit" keyAlias="myremoters.bcn.abiquo.com"
           clientAuth="false" secretrequired="false" 
           sslProtocol="TLS"/>


Import certificates on Remote RS

You will need to convert your remote RS certificate and key to PKCS12 format.

openssl pkcs12 -export -in myremoters.bcn.abiquo.com.crt -inkey myremoters.bcn.abiquo.com.key -name myremoters.bcn.abiquo.com -out import_cert_key

Import it into the RS keystore that Tomcat is going to use:

keytool -importkeystore -deststorepass changeit -destkeystore remoters.jks -srckeystore import_cert_key -srcstoretype PKCS12

If you need to create a .jks keystore, you can do so with the following command.

keytool -genkey -keyalg RSA -keystore remoters.jks -keysize 2048


Import Remote RS certificates on Abiquo server

On the API server that will connect to the Remote RS via HTTPS, import the remote RS certificate.

keytool -import -trustcacerts -alias myremoters.bcn.abiquo.com -file /etc/pki/abiquo/myremoters.bcn.abiquo.crt -keystore cacerts


Enable SSL proxy for Apache

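For AM connections to work with TLS (for template upload and download), check or enable SSL proxy for Apache.
To do this, add the following configuration to your Apache VirtualHost configuration.
Note that these settings turn off verification of the backend certificate (SSLProxyVerify none and the SSLProxyCheckPeer* directives set to off), so the proxied connection is encrypted but the identity of the Remote Services server is not checked.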

  ####APACHE SSL PROXY##########
  SSLProxyEngine On
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  ##############################
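
For comparison, the same proxy block with verification of the Remote Services certificate left on. This is an added example, not part of the original page. It assumes the file from the keytool import step above is PEM-encoded and is either the self-signed remote RS certificate or the certificate of the CA that issued it, and that Apache proxies to the remote RS using the hostname in that certificate.

```apache
  ####APACHE SSL PROXY (with backend verification)####
  # Added example, not the original page's configuration.
  SSLProxyEngine On

  # Require the remote RS to present a certificate that chains to a
  # trusted certificate, instead of accepting any certificate.
  SSLProxyVerify require

  # Trust anchor for that check. Assumption: this is the PEM file the
  # page imports into cacerts on the Abiquo Server; if the remote RS
  # certificate was issued by a CA, point this at the CA certificate.
  SSLProxyCACertificateFile /etc/pki/abiquo/myremoters.bcn.abiquo.crt

  # Compare the hostname in the proxied URL with the certificate's
  # subjectAltName / CN. In Apache 2.4.5 and later this directive
  # supersedes SSLProxyCheckPeerCN.
  SSLProxyCheckPeerName on

  # Reject a remote RS certificate that has expired.
  SSLProxyCheckPeerExpire on
  ####################################################
```

With these settings a hostname mismatch or an expired certificate on the remote RS makes the proxied AM request fail, and the reason is logged in the Apache error log.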


Apply and verify

At this point all configurations are done. Restart both abiquo-tomcat services where changes have been made (in this scenario, remote RS and Abiquo Server).

You should now be able to add your remote RS using the HTTPS protocol.

For Tomcat TLS troubleshooting, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
