Citrix Systems 4.5 Printer User Manual


 
Chapter 5. Installing CloudPlatform Management Server
b. Generate a certificate signing request (CSR) with appropriate values:
# openssl req -new -key cloud.key > cloud.csr
For more information on generating a private key and certificate signing request (CSR)
for an existing Java keystore and importing a certificate signed by an external SSL authority
into the CloudPlatform management service, see http://support.citrix.com/article/CTX136431
c. Submit the CSR to a certificate authority (for example, DigiNotar) and get the certificate, or
generate a self-signed certificate as follows:
# openssl x509 -req -in cloud.csr -signkey cloud.key > cloud.crt
For more information on generating a self-signed SSL certificate and configuring the
CloudPlatform management service to use it, see http://support.citrix.com/article/CTX136351
4. Generate Keystore:
a. Create a PKCS12 format keystore by using the private key and signed certificate:
# openssl pkcs12 -export -in cloud.crt -inkey cloud.key -name cloud -passout pass:password \
    > /usr/share/cloudstack/management/conf/cloud-localhost.pk12
5. Restart CloudPlatform
a. Once the Tomcat configuration is updated and the keystore is in place, restart CloudPlatform:
# service cloud-management restart
b. Verify that Tomcat is listening on the configured port (10285/TCP in this example):
# netstat -plnt | grep 10285
c. If it is not working, check /var/log/cloudstack/management/catalina.out for error
messages.
6. Configure iptables:
a. If iptables is in use, update the rules to allow access to the configured port. For example:
# iptables -I INPUT 1 -p tcp -m tcp --dport 10285 -j ACCEPT
b. Verify connectivity to <https://yourserver:10285/client>.
c. Optionally, enable redirection from 443/TCP in iptables:
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 10285
d. Verify connectivity to <https://yourserver/client>.
e. Once iptables is configured correctly, save the changes:
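
Added example, not part of the original manual, for the certificate and keystore steps 3 and 4 above: it checks that a PKCS12 keystore opens with its password, carries the alias cloud, and holds the certificate belonging to cloud.key. The key-generation command, the subject name, the scratch file names and the password are constructed for the rehearsal.

```shell
#!/bin/sh
# Added example: confirm a PKCS12 keystore matches its private key before
# restarting the management server. Not taken from the CloudPlatform manual.

# Return 0 only if the keystore opens with the password, contains the alias
# "cloud", and its certificate carries the same public key as the key file.
keystore_matches_key() {  # args: <key file> <pk12 file> <password>
    bag=$(openssl pkcs12 -in "$2" -passin "pass:$3" -nokeys 2>/dev/null) || return 1
    printf '%s\n' "$bag" | grep -q 'friendlyName: cloud' || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(printf '%s\n' "$bag" | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Rehearse the manual's key -> CSR -> certificate -> PKCS12 chain in a scratch
# directory with constructed values, then run the check against the result.
rehearse() {
    d=$(mktemp -d) || return 1
    (
        # umask 077 keeps the key and keystore unreadable to other users.
        cd "$d" && umask 077 || exit 1
        # Assumption: a 2048-bit RSA key; the key step is not in this excerpt.
        openssl genrsa -out cloud.key 2048 2>/dev/null || exit 1
        openssl genrsa -out other.key 2048 2>/dev/null || exit 1
        openssl req -new -key cloud.key -subj "/CN=cloud.example.test" \
            > cloud.csr || exit 1
        openssl x509 -req -in cloud.csr -signkey cloud.key -days 30 \
            > cloud.crt 2>/dev/null || exit 1
        openssl pkcs12 -export -in cloud.crt -inkey cloud.key -name cloud \
            -passout pass:constructed > ks.pk12 || exit 1
        # Matching key and correct password: must pass.
        keystore_matches_key cloud.key ks.pk12 constructed || exit 1
        # A different key, or a wrong password, must be rejected.
        ! keystore_matches_key other.key ks.pk12 constructed || exit 1
        ! keystore_matches_key cloud.key ks.pk12 wrong
    )
    rc=$?
    rm -rf "$d"
    return $rc
}

rehearse && echo "keystore chain OK"
```

On a real host, run keystore_matches_key with cloud.key, the path of cloud-localhost.pk12 and the keystore password before restarting the service.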