SSL encryption

You can secure communication between ADB Control web server and clients using the HTTPS protocol, which is based on SSL encryption. To configure an access to ADB Control via HTTPS, follow the steps:

  1. Open the ADB Control service configuration page in ADCM.

  2. Set the Show advanced flag.

  3. Activate the HTTPS parameters enable switcher.

  4. Fill in the following fields if you need to use your own certificates.

    IMPORTANT

    If no settings are filled in, ADB Control will create certificates by itself.

    Parameter Description Default value

    Server certificate

    Server certificate contents in the CRT format (*.crt file)

     — 

    Server private key

    Server private key contents (*.key file)

     — 

    Verify system endpoints' certificates

    A flag that indicates whether to verify certificates of system endpoints.

    When using the Verify system endpoints' certificates option in the ADB Control configuration with self-signed certificates, ensure that you added the root and intermediate CA certificates to the OS trusted root certificate stores.

    In order to use the Verify system endpoints' certificates option with your own certificates, for proper verification, add the ADB Control IP address to the CN field of the san.cnf file (SAN) and exclude DNS from the alt_names section (leave only IP)

    false

    Server JKS keystore path

    A path to the keystore file in the JKS format for the ADB Control server part. For example, /opt/adcc/ssl/keystore.jks

     — 

    Server JKS keystore password

    A password that is used for connecting to Server JKS keystore path

     — 

    Server JKS truststore path

    A path to the truststore file in the JKS format for the ADB Control server part. For example, /opt/adcc/ssl/truststore.jks

     — 

    Server JKS truststore password

    A password that is used for connecting to Server JKS truststore path

     — 

    Client JKS keystore path

    A path to the keystore file in the JKS format for the ADB Control client part (ADB Control/ADBM agents). For example, /opt/ssl/keystore.jks

     — 

    Client JKS keystore password

    A password that is used for connecting to Client JKS keystore path

     — 

    Client JKS truststore path

    A path to the truststore file in the JKS format for the ADB Control client part (ADB Control/ADBM agents). For example, /opt/ssl/truststore.jks

     — 

    Client JKS truststore password

    A password that is used for connecting to Client JKS truststore path

     — 

    Fill in the HTTPS parameters
    Fill in the HTTPS parameters
    TIP
    • The adcc_default.crt and adcc_default.key files for a self-signed certificate are created by default on the host where ADB Control is deployed. They are located in the /opt/adcc/ssl folder. You can specify these files for testing purposes.

    • For production systems, you should use a trusted certificate authority (CA) to sign certificates. To create a real SSL certificate and register it with the CA, use the openssl utility.

    • In case of expanding ADB, SSL certificates should be re-generated to add the corresponding ServerAltNames for new ADB hosts.

    • To connect an external ADB cluster to existing ADB Control with SSL enabled, certificates with ServerAltNames for hosts of both ADB clusters should be specified in the settings of a main and an external ADB cluster.

  5. Click Save.

  6. Apply the Reconfigure & Restart action to the ADB Control service.

    Apply changes
    Apply changes

After all steps are completed successfully, the ADB Control server port (by default, 81) will be used for SSL. The ADB Control address will look as follows: https://<ADB Control IP address>:81.

Found a mistake? Seleсt text and press Ctrl+Enter to report it