2 Replies Latest reply on Jun 13, 2014 9:45 AM by simonp73

    Virtualisation Manager and SSL from a CA

    simonp73

      Hi All

       

      I need to run Virtualization Manager 6.1 with an SSL fromour certificate authority.  However the instructions in the admin guide are a little unclear.  It says to edit the server.xml file to include the keystore location and the entity should look similar to the following:

       

      keystoreFile="../../conf/hyper9-keystore"

       

      keystorePass="h9keystore"

       

      SSLEnabled="true"

       

      maxThreads="150"

       

      scheme="https"

       

      secure="true"

       

      clientAuth="false"

       

      sslProtocol="TLS" />

       

       

      However, the closest I can find is:

       

       

          <!-- SSL service with self-signed certificate

               To avoid browser warnings, permanently accept the certificate, or

               replace the certificate tagged "tomcat" in /etc/hyper9/keystore

               with a local one. -->

          <Connector port="8443"

                     protocol="org.apache.coyote.http11.Http11NioProtocol"

                     keystoreFile="/etc/hyper9/keystore"

                     keystorePass="swvman"

                     SSLEnabled="true"

                     maxThreads="150"

                     scheme="https"

                     secure="true"

                     clientAuth="false"

                     sslProtocol="TLS"

                     ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_RC4_128_SHA,TLS_KRB5_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" />

       

       

      I cannot forn any mention of the CA SSL within the config file.

      Also the keystorefile is slightly different, do I need to add the keystorepass for my keystore?

      do I just change the keystorefile to min - /etc/hyper9/capital

      And the KeyPass to what I set it to for my keyfile?

       

       

      I'm just concerned that the information in the admin guide is different to what I see within the server.xml file and I'm loathed to change it

       

      Your help will be greatly appreciated

       

      Kindest Regards

      Simon