To start the Hedvig WebUI with the HTTPS protocol, you must get a certificate and convert it to JKS (Java keystore format).
Procedure
- Acquire or generate a certificate, either self-signed or signed by a valid CA (Certificate Authority).
- Convert the certificate to Java keystore format (.jks) with openssl and keytool. When prompted, use hedvig as the password.
  openssl pkcs12 -export -chain -in hsn01.netops.cert.pem -inkey hsn01.netops.key.pem -out keystore.p12 -name HV-Server -CAfile ca-chain.cert.pem
  keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -alias HV-Server -deststoretype pkcs12
- Copy the keystore file to the Hedvig Server root path, and name it /keystore.jks.
  scp keystore.jks root@blue3:/usr/local/hedvig/hblock/keystore.jks
- Modify the <Storage> section in the /usr/local/hedvig/hblock/storage-conf.xml file, as follows:
  <SSL>
    <KeyStorePath>/usr/local/hedvig/keystore.jks</KeyStorePath>
    <KeyStorePassword>hedvig</KeyStorePassword>
    <KeyStoreManagerPassword>hedvig</KeyStoreManagerPassword>
  </SSL>
  The KeyStorePath value must be the path at which the keystore file actually resides on the server.
- Point the browser to the server's https port, for example: https://blue3.hedviginc.com:8443
  If the certificate is self-signed, or is signed by a CA that is not publicly trusted, the web browser displays a warning.
- Restart the HBLOCK services, as follows:
  [root@node1 hblock]# service hedvighblock stop
  [root@node1 hblock]# service hedvighblock start
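
A pre-restart check of the `<SSL>` block, as an added example that is not part of the original procedure or Hedvig's own tooling: it confirms that KeyStorePath names a file that exists, that the keystore and the config holding its clear-text password are not accessible to group or other, and that the password is not the value printed in this procedure. The function names, the permission policy and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

DOCUMENTED_PASSWORD = "hedvig"  # the value printed in the procedure above

def _loose(path):  # True if group or other has any permission bit on path
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def check_ssl_config(conf_path):
    """Return a list of findings for the <SSL> block of a storage-conf.xml file."""
    ssl = ET.parse(conf_path).getroot().find(".//SSL")
    if ssl is None:
        return ["no <SSL> section found"]
    findings = []
    keystore = (ssl.findtext("KeyStorePath") or "").strip()
    if not keystore:
        findings.append("<KeyStorePath> is missing or empty")
    elif not os.path.isfile(keystore):
        findings.append(f"KeyStorePath {keystore} does not exist")
    elif _loose(keystore):
        findings.append(f"{keystore} is accessible to group/other")
    # The passwords sit in the config in clear text, so it needs tight permissions too.
    if _loose(conf_path):
        findings.append(f"{conf_path} holds clear-text passwords and is accessible to group/other")
    for tag in ("KeyStorePassword", "KeyStoreManagerPassword"):
        value = (ssl.findtext(tag) or "").strip()
        if value in ("", DOCUMENTED_PASSWORD):
            findings.append(f"<{tag}> is empty or the publicly documented value")
    return findings

def write_sample(root, keystore_path, password, mode):
    """Constructed sample: a placeholder keystore and a config under root/hblock."""
    hblock = os.path.join(root, "hblock")
    os.makedirs(hblock, exist_ok=True)
    conf = os.path.join(hblock, "storage-conf.xml")
    body = "".join(f"<{t}>{v}</{t}>" for t, v in (("KeyStorePath", keystore_path),
        ("KeyStorePassword", password), ("KeyStoreManagerPassword", password)))
    for path, text in ((os.path.join(hblock, "keystore.jks"), "placeholder"),
                       (conf, f"<Storage><SSL>{body}</SSL></Storage>")):
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return conf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed case: config points one level up
        conf = write_sample(root, os.path.join(root, "keystore.jks"), "hedvig", 0o644)
        print("\n".join("WARN: " + f for f in check_ssl_config(conf)))
```

On a real node, call `check_ssl_config("/usr/local/hedvig/hblock/storage-conf.xml")` as root before restarting the service.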