forked from oVirt/ovirt-vdsmfake
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.ssl
23 lines (18 loc) · 1.1 KB
/
README.ssl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
To configure Tomcat for SSL, execute the following commands:
1. Create a PKCS12 certificate.
Run the following utility:
ovirt.git/packaging/bin/pki-enroll-pkcs12.sh --name=<<name>> --password=<<password>> --subject="/C=us/O=ACME/OU=People/CN=Dummy"
2. Install the generated certificate in Tomcat.
Open TOMCAT/conf/server.xml
Remove the remark on the SSL connector and change its port (54321 is the VDSM default port, but anyone can be set. See vds_static table in postgres).
Add the following attributes to the SSL connector:
keystoreFile="<<GENERATED_FILE_LOCATION>>" keystorePass="<<password>>" keystoreType="PKCS12"
3. Start tomcat
To configure JSON for SSL, execute the following commands:
1. vi TOMCAT/bin/setenv.sh (if needed, create this file and chmod +x it)
Add the following line:
JAVA_OPTS="$JAVA_OPTS -Dfake.host= -Dfake.truststore= -Dfake.keystore=
2. Edit your web.xml file and set "jsonSecured" to "true"
-Dfake.host= ip of vdsmfake>
-Dfake.truststore= fullpath to your pki file
-Dfake.truststore= your java home certes e.g /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.0.fc20.x86_64/jre/lib/security/cacerts