Please read the first part of https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ (the second part is how to secure tomcat, you don't need it)
No matter what is the provider of the SSL, you will need to have 1) server certificate, 2) the corresponding private key in the proper format and 3) CA bundle (certificates of the ROOT and any INTERMEDIARY certificate authorities) In general, since your CPVM will get any od the IPs dedicated to either the a) systemVM public IP pool (in newer ACS version) or 2) any of the public IP addresses (IPs from the "Public" pool) - you need to ensure you have the proper DNS A records for ALL public IP addresses that might be used for the CPVM - in form of 1-2-3-4.mydomain.com resolving to IP 1.2.3.4 (single IP example, and you need such A records for ALL the public IPs that might be used as the CPVM public IP) - and your SSL should be a wildcard certificate with CN of " *.mydomain.com " (for example above) - and this is the consoleproxy.url.domain that you want to set - " *.mydomain.com " Best, On Thu, 8 Oct 2020 at 19:10, Hean Seng <[email protected]> wrote: > Do you know if need to enter consoleproxy.url.domain ? > > this only can key in one Domain, if there are multiple console proxy, how > to key in > > On Thu, Oct 8, 2020 at 3:36 PM Hean Seng <[email protected]> wrote: > > > Thanks, I will try it . > > > > On Thu, Oct 8, 2020 at 12:16 PM Pearl d'Silva < > [email protected]> > > wrote: > > > >> Hi Hean, > >> > >> I haven't tried this myself, but found a blog that explains how to use > >> Letsencrypt SSL for Console Proxy > >> https://sysadminonline.net/cloudstack-letsencrypt-ssl-for-cnsole-proxy/ > >> > >> The official documentation for using up SSL certificate for Console > Proxy > >> can be found : > >> > http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain > >> > >> In case there are multiple Console Proxy VMs, after uploading the > >> certificates, the console proxy VMs will automatically restart and pick > the > >> new certificates fed to CloudStack. Also note that > >> "consoleproxy.sslEnabled" global setting needs to be set to true. > >> > >> Thanks, > >> Pearl > >> ________________________________ > >> From: Hean Seng <[email protected]> > >> Sent: Thursday, October 8, 2020 6:49 AM > >> To: [email protected] <[email protected]> > >> Subject: Letsencrypt SSL and Console Proxy > >> > >> HI > >> > >> Anyone can guide me how to install letsencrypt SSL to console proxy ? > >> > >> And if there is multiple Console proxy, does we need to install multiple > >> SSL on it ? > >> > >> > >> Thank you > >> > >> -- > >> Regards, > >> Hean Seng > >> > > > > > > -- > > Regards, > > Hean Seng > > > > > -- > Regards, > Hean Seng > -- Andrija Panić
