Hi Mevludin, You need to define the consoleproxy.sslEnabled and consoleproxy.url.domain global settings and upload the SSL certificate via Infra -> SSL certificate form. Upon uploading of your certificate the CPVM should restart/reconfigure. Also make sure that the domain (if not a wildcard) is resolved to the public IP address of the CPVM. You don't need any port-specific configuration, but make sure to restart mgmt server after changing global settings, if necessary destroy the old CPVM after restart.
You can read more here: https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ With 4.16, when the consoleproxy.sslEnabled is false but domain is defined then the CPVM url will open the console proxy url without enforcing https:// (however the https:// scheme will be enforced is mgmt server is accessed over https://). This can be used for doing out-of-band SSL termination, for ex. using a nginx proxy. Regards. ________________________________ From: Mevludin Blazevic <mblaze...@uni-koblenz.de> Sent: Thursday, November 25, 2021 23:56 To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Setting up a DNS Name for console proxy ssl connection Hi all, is it enough to define just a DNS name for the console proxys public ip address for enabling SSL? Let's say you define cpvm.mydomain.com as the DNS name for the console proxy and also set this in the configs "consoleproxy.url.domain" and "consoleproxy.sslEnabled" and upload an appropriate certificate via the GUI, which is not a wildcard certificate. When trying to access the console I get a 404 error. Did I miss a redirection configuration somewhere from port 8080 to 443 (or 8443)? Regards Mevludin
