
Using HTTPS with CloudStack

The RightScale best practice for connecting to CloudStack endpoints is to use Secure Sockets Layer (SSL) to authenticate HTTPS requests. Before you can use SSL to authenticate your web traffic, you must have an SSL certificate that you will associate with your ServerTemplate. Generally, SSL certificates used with production servers are issued by third-party certificate authorities (CAs).

Before a certificate authority will issue an SSL certificate, you must provide them with a CSR (certificate signing request) containing encrypted company and website information.

Obtaining an SSL Certificate

To obtain an SSL server certificate from a CA and assign it to a ServerTemplate:

  1. Generate a private key file and CSR file for your web server.
  2. Provide the certificate authority with the contents of your CSR.
  3. Attach the SSL server certificate received from the CA to your RightScale ServerTemplate. (For more information see How do I set up SSL?.)


You can generate the necessary public CSR and associated private key using OpenSSL. After connecting to a server instance via SSH, you can run a command string like the following:

openssl req -new -nodes -keyout myserver.key -out server.csr
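
A non-interactive variant of the command above, as an added example that is not part of the original RightScale page: it generates the key and CSR, keeps the unencrypted key (-nodes) readable only by its owner, and checks that the CSR verifies and matches the key before it is sent to the CA. The function names, the subject fields and www.example.com are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. make_csr, csr_is_valid, csr_matches_key and csr_subject are
# hypothetical helper names; the subject values are constructed samples.

# make_csr <common-name> <output-dir>
# Writes <output-dir>/myserver.key and <output-dir>/server.csr without prompting.
make_csr() {
    cn=$1
    dir=$2
    (
        umask 077   # -nodes leaves the key unencrypted, so create it owner-only
        openssl req -new -nodes -newkey rsa:2048 -sha256 \
            -subj "/C=US/ST=California/O=Example Corp/CN=$cn" \
            -keyout "$dir/myserver.key" -out "$dir/server.csr" 2>/dev/null
    )
}

# csr_is_valid <csr>: the CSR's self-signature verifies. The message is matched
# instead of the exit status, which differs between OpenSSL releases.
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_matches_key <csr> <key>: the CSR carries the public half of this key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_subject <csr>: print the subject the CA will see.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# Demo run in a scratch directory.
demo_dir=$(mktemp -d)
make_csr www.example.com "$demo_dir" &&
    csr_is_valid "$demo_dir/server.csr" &&
    csr_matches_key "$demo_dir/server.csr" "$demo_dir/myserver.key" &&
    echo "CSR ready: $(csr_subject "$demo_dir/server.csr")"
rm -rf "$demo_dir"
```

Only server.csr goes to the certificate authority; myserver.key stays on the server.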

More information on CSRs can be found on Wikipedia at

Some third-party certificate authorities (CAs) issuing SSL certificates are:

  • VeriSign
  • Thawte
  • InstantSSL
  • Entrust
  • GeoTrust
  • GoDaddy

Configuring an SSL Connector for Tomcat

Tomcat needs an SSL Connector configured in order to accept secure connections. By default, Tomcat looks for your keystore under the file name .keystore in the home directory, with the default password changeit. The home directory is generally /home/user_name/ for Unix and Linux and C:\Documents and Settings\user_name\ for Windows. If necessary, you can change the file name, the password, and the location where Tomcat looks for the keystore.

  1. Start Tomcat.
  2. Enter http://localhost:8080/admin in a local browser to start the Tomcat Administration Tool.
  3. Enter a username and password with administrator privileges.
  4. Select the service (Java Web Services Developer Pack).
  5. Select Create New Connector from the drop-down list.
  6. Select HTTPS in the Type field.
  7. In the Port field, enter 443. This defines the TCP/IP port number on which Tomcat will listen for secure connections.
  8. Enter the Keystore Name and Keystore Password if your keystore is named something other than .keystore, if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if the password is something other than the default value of changeit. If you have used the default values, you can leave these fields blank.
  9. Click Save to save the new connector.
  10. Click Commit Changes to save the new Connector information to the server.xml file so that it is available the next time Tomcat starts.


Last modified
21:42, 16 May 2013





© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.