
Add an SSL certificate to Virtualization Manager

You can replace the SSL certificate included with Virtualization Manager with one of your own.

When you use the su (switch user) command, you expose the computer to security risks. When you log in as root, you have full system privileges and can run any command. Some of these commands are destructive.

Add a self-signed SSL certificate

  1. Log in to the virtual appliance by using the console or an SSH connection.
  2. Enter the sudo su - root command.
  3. Go to the java bin folder on the virtual appliance. This is generally in the /usr/java/jdkX/bin folder, where X represents the jdk version number.
  4. Enter the following command, where mykeystore is the name of your new keystore and daysvalid is the number of days the certificate is valid:
    ./keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/hyper9/mykeystore -validity daysvalid

    If you use the default keystore, hyper9-keystore, you do not need to modify the server.xml file.

  5. When prompted, enter a new keystore password.
  6. Enter the required information for the new certificate.

    Provide your domain name instead of the first and last name. If you do not use the domain name for the name, you will continue to receive certificate errors.

    This information is displayed to users who try to access Virtualization Manager through a secure connection.

  7. Type yes when prompted to confirm your new key information.
  8. When prompted for the key password, enter the new keystore password.
  9. Modify the owner of the keystore by entering the following command, where mykeystore is the name of your keystore:
    chown hyper9:hyper9 /etc/hyper9/mykeystore
  10. Change the permissions on the keystore by entering the following command, where mykeystore is the name of your keystore:
    chmod 755 /etc/hyper9/mykeystore
  11. Go to /usr/share/tomcat-X/conf, and create a backup of the server.xml file.

    If you use the default keystore, hyper9-keystore, you do not need to modify the server.xml file.

  12. Open the server.xml file.
  13. Edit the connector entity to include the keystore location. The entity should look similar to the following:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    keystoreFile="../../conf/hyper9-keystore"
    keystorePass="h9keystore"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslProtocol="TLS" />

  14. Save the server.xml file.

    After an upgrade, the certificate configuration reverts to the default self-signed certificate. To preserve your configuration, create a backup of the server.xml file located in /usr/share/tomcat-X/conf under a different name (for example, server.xml.beforeupgrade).

  15. Enter the service tomcat restart command to restart Tomcat.

If you receive "Untrusted site" errors after adding your certificate, see the KB article about Accepting an Unsigned Certificate.
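
The following check is an added example, not part of the SolarWinds guide. It reads the port 8443 connector from a server.xml file, then reports whether keystorePass is still the h9keystore value shown above and whether the keystore file is readable by every local account, which the 755 mode from step 10 allows. The function names and the throwaway sample files are constructed for illustration.

```shell
#!/bin/sh
DEFAULT_PASS="h9keystore"   # keystorePass printed in the sample connector above

# Print attribute $2 of the port-8443 <Connector> in server.xml $1.
# Limitation: does not skip a commented-out 8443 connector.
connector_attr() {
    tr '\n' ' ' < "$1" |
        sed -n 's/.*<Connector\([^>]*[[:space:]]port="8443"[^>]*\)>.*/\1/p' |
        sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# $1 = server.xml, $2 = directory a relative keystoreFile resolves against
# (assumption: Tomcat's CATALINA_BASE). Returns 0 only when nothing is flagged.
audit_connector() {
    findings=0
    ks=$(connector_attr "$1" keystoreFile)
    pw=$(connector_attr "$1" keystorePass)
    if [ -z "$ks" ]; then echo "FAIL: 8443 connector has no keystoreFile"; return 2; fi
    case "$ks" in /*) ;; *) ks="$2/$ks" ;; esac
    if [ "$pw" = "$DEFAULT_PASS" ]; then
        echo "WARN: keystorePass is still the documented default"
        findings=$((findings + 1))
    fi
    if [ ! -f "$ks" ]; then
        echo "FAIL: keystore $ks does not exist"
        findings=$((findings + 1))
    else
        mode=$(ls -ld "$ks" | cut -c1-10)   # e.g. -rwxr-xr-x; column 8 is "other read"
        case "$mode" in
            ???????r*) echo "WARN: $ks is readable by every local user ($mode)"
                       findings=$((findings + 1)) ;;
        esac
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample: a throwaway server.xml and an empty stand-in keystore.
demo=$(mktemp -d)
: > "$demo/mykeystore"; chmod 755 "$demo/mykeystore"
cat > "$demo/server.xml" <<EOF
<Server><Service name="Catalina">
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="$demo/mykeystore" keystorePass="h9keystore" sslProtocol="TLS" />
</Service></Server>
EOF
audit_connector "$demo/server.xml" "$demo" || true
rm -rf "$demo"
```

On the appliance, pass /usr/share/tomcat-X/conf/server.xml as the first argument and the directory Tomcat resolves relative paths against as the second.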

Add a certificate from a certificate authority

You can add a certificate from a certificate authority, but SolarWinds Technical Support only assists you with adding a self-signed certificate.

For clarification, see the Tomcat help page, or the help page of your certificate authority.

  1. Log in to the virtual appliance by using the console or an SSH connection.
  2. Enter the sudo su - root command.
  3. Go to the java bin folder on the virtual appliance. This is generally found in the /usr/java/jdkX/bin folder, where X represents the jdk version number.
  4. Enter the following command, where mykeystore is the name of your new keystore:
    ./keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/hyper9/mykeystore
  5. When prompted, enter a new keystore password.
  6. Enter the required information for the new certificate.

    Provide your domain name instead of the first and last name.

  7. Enter yes when prompted to confirm your new key information.
  8. When prompted for the key password, enter the new keystore password.
  9. Modify the owner of the keystore by entering the following command, where mykeystore is the name of your keystore:
    chown hyper9:hyper9 /etc/hyper9/mykeystore
  10. Change the permissions on the keystore by entering the following command, where mykeystore is the name of your keystore:
    chmod 755 /etc/hyper9/mykeystore
  11. Enter the following command, where mykeystore is the name of your new keystore:
    ./keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore /etc/hyper9/mykeystore
  12. Submit the certificate signing request to your certificate authority (CA).
  13. After the CA replies, copy the certificate and chain certificate to a permanent location in the virtual appliance.
  14. Navigate to the java bin folder.
  15. Import the chain certificate by entering the following command, where mykeystore is the name of your new keystore and chain_certificate_filename is the name of your chain certificate:
    ./keytool -import -alias tomcat -keystore /etc/hyper9/mykeystore -trustcacerts -file chain_certificate_filename

    Chain certificates in .p7b file format are not supported by keytool.

  16. Go to /usr/share/tomcat-X/conf, and create a backup of the server.xml file.
  17. Open the server.xml file.
  18. Edit the connector entity to include the keystore location. The entity should look similar to the following:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    keystoreFile="../../conf/hyper9-keystore"
    keystorePass="h9keystore"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslProtocol="TLS" />

  19. Save the server.xml file.
  20. Enter the service tomcat restart command to restart Tomcat.
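
The following check is an added example, not part of the SolarWinds guide. It reads the text printed by keytool -list -v for the tomcat alias and confirms two things from the procedures above: that the name entered at the "first and last name" prompt is the domain name users connect to, and whether the entry is still self-signed or now carries the CA reply. The function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Read `keytool -list -v` text on stdin; $1 = host name users type in the browser.
# Prints "cn=... chain=... self_signed=yes|no"; returns 0 when the CN equals $1.
check_tomcat_entry() {
    awk -v want="$1" '
        /^Alias name: /                            { in_entry = ($3 == "tomcat") }
        in_entry && /^Certificate chain length: /  { chain = $4 }
        # The first Owner/Issuer pair of the entry belongs to the server certificate.
        in_entry && /^Owner: /  && owner  == ""    { owner  = substr($0, 8) }
        in_entry && /^Issuer: / && issuer == ""    { issuer = substr($0, 9) }
        END {
            i  = index(owner, "CN=")
            cn = i ? substr(owner, i + 3) : ""
            sub(/,.*/, "", cn)
            printf "cn=%s chain=%s self_signed=%s\n", cn, chain, (owner == issuer ? "yes" : "no")
            exit (tolower(cn) == tolower(want) ? 0 : 1)
        }'
}

# Constructed sample of keytool -list -v output after a CA reply was imported.
sample='Alias name: tomcat
Creation date: Sep 19, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=vman.example.com, OU=IT, O=Example Corp, L=Austin, ST=Texas, C=US
Issuer: CN=Example Issuing CA, O=Example Corp, C=US
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example Corp, C=US
Issuer: CN=Example Root CA, O=Example Corp, C=US'
printf '%s\n' "$sample" | check_tomcat_entry vman.example.com

# On the appliance, from the java bin folder (your.domain.name is a placeholder):
#   ./keytool -list -v -alias tomcat -keystore /etc/hyper9/mykeystore |
#       check_tomcat_entry your.domain.name
```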
 
Last modified
09:02, 19 Sep 2017
