To start the Hedvig WebUI with the HTTPS protocol, you must get a certificate and convert it to JKS (Java keystore format).
Procedure
-
Acquire or generate a certificate [self-signed or signed with a valid CA (Certificate Authority)].
-
Convert the certificate to Java keystore format (.jks) with
openssl. When prompted, use hedvig as the password.openssl pkcs12 -export -chain -in hsn01.netops.cert.pem -inkey hsn01.netops.key.pem -out keystore.p12 -name HV-Server -CAfile ca-chain.cert.pemkeytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -alias HV-Server -deststoretype pkcs12 -
Copy the keystore file to the Hedvig Server root path, and name it /keystore.jks.
scp keystore.jks root@blue3:/usr/local/hedvig/hblock/keystore.jks -
Modify the
<Storage>section in the /usr/local/hedvig/hblock/storage-conf.xml file, as follows:<SSL><KeyStorePath>/usr/local/hedvig/keystore.jks</KeyStorePath><KeyStorePassword>hedvig</KeyStorePassword><KeyStoreManagerPassword>hedvig</KeyStoreManagerPassword></SSL> -
Point the browser to the server's
httpsport, for example:https://blue3.hedviginc.com:8443If the certificate is self-signed, or has a CA that is not publicly trusted, then the web browser will give you a warning.
-
Restart the HBLOCK services, as follows:
[root@node1 hblock]# service hedvighblock stop[root@node1 hblock]# service hedvighblock start