The RightScale best practice for connecting to CloudStack endpoints is to use Secure Socket Layer (SSL) to authenticate HTTPS requests. Before you can use SSL to authenticate your web traffic, you must have an SSL certificate that you will associate with your ServerTemplate. Generally, SSL certificates used with production servers are issued by third-party certificate authorities (CAs).
Before a certificate authority will issue an SSL certificate, you must provide them with a CSR (certificate signing request) containing encrypted company and website information.
To obtain an SSL server certificate from a CA and assign it to a ServerTemplate:
You can generate the necessary public CSR and associated private key using OpenSSL. After connecting to a server instance via SSH, you can run a command string like the following:
openssl req -new -nodes -keyout myserver.key -out server.csr
More information on CSRs can be found on Wikipedia at http://en.wikipedia.org/wiki/Certificate_signing_request.
Some third-party certificate authorities (CAs) issuing SSL certificates are:
Tomcat needs an SSL Connector configured in order to accept secure connections. By default Tomcat looks for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ for Unix and Linux and C:\Documents and Settings\user_name\ for Windows. If necessary you can change the filename, password, andthe location where Tomcat looks for the keystore.
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.