HI Thanks for explanation, it works.
On Fri, Oct 9, 2020 at 6:36 PM Andrija Panic <andrija.pa...@gmail.com> wrote: > Please read the first part of > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ (the > second part is how to secure tomcat, you don't need it) > > No matter what is the provider of the SSL, you will need to have 1) server > certificate, 2) the corresponding private key in the proper format and 3) > CA bundle (certificates of the ROOT and any INTERMEDIARY certificate > authorities) > > In general, since your CPVM will get any od the IPs dedicated to either the > a) systemVM public IP pool (in newer ACS version) or 2) any of the public > IP addresses (IPs from the "Public" pool) - you need to ensure you have the > proper DNS A records for ALL public IP addresses that might be used for the > CPVM - in form of 1-2-3-4.mydomain.com resolving to IP 1.2.3.4 (single IP > example, and you need such A records for ALL the public IPs that might be > used as the CPVM public IP) - and your SSL should be a wildcard certificate > with CN of " *.mydomain.com " (for example above) - and this is the > consoleproxy.url.domain that you want to set - " *.mydomain.com " > > Best, > > On Thu, 8 Oct 2020 at 19:10, Hean Seng <heans...@gmail.com> wrote: > > > Do you know if need to enter consoleproxy.url.domain ? > > > > this only can key in one Domain, if there are multiple console proxy, > how > > to key in > > > > On Thu, Oct 8, 2020 at 3:36 PM Hean Seng <heans...@gmail.com> wrote: > > > > > Thanks, I will try it . > > > > > > On Thu, Oct 8, 2020 at 12:16 PM Pearl d'Silva < > > pearl.dsi...@shapeblue.com> > > > wrote: > > > > > >> Hi Hean, > > >> > > >> I haven't tried this myself, but found a blog that explains how to use > > >> Letsencrypt SSL for Console Proxy > > >> > https://sysadminonline.net/cloudstack-letsencrypt-ssl-for-cnsole-proxy/ > > >> > > >> The official documentation for using up SSL certificate for Console > > Proxy > > >> can be found : > > >> > > > http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain > > >> > > >> In case there are multiple Console Proxy VMs, after uploading the > > >> certificates, the console proxy VMs will automatically restart and > pick > > the > > >> new certificates fed to CloudStack. Also note that > > >> "consoleproxy.sslEnabled" global setting needs to be set to true. > > >> > > >> Thanks, > > >> Pearl > > >> ________________________________ > > >> From: Hean Seng <heans...@gmail.com> > > >> Sent: Thursday, October 8, 2020 6:49 AM > > >> To: users@cloudstack.apache.org <users@cloudstack.apache.org> > > >> Subject: Letsencrypt SSL and Console Proxy > > >> > > >> HI > > >> > > >> Anyone can guide me how to install letsencrypt SSL to console proxy ? > > >> > > >> And if there is multiple Console proxy, does we need to install > multiple > > >> SSL on it ? > > >> > > >> > > >> Thank you > > >> > > >> -- > > >> Regards, > > >> Hean Seng > > >> > > > > > > > > > -- > > > Regards, > > > Hean Seng > > > > > > > > > -- > > Regards, > > Hean Seng > > > > > -- > > Andrija Panić > -- Regards, Hean Seng
