SSL encryption
You can secure communication between ADB Control web server and clients using the HTTPS protocol, which is based on SSL encryption. To configure an access to ADB Control via HTTPS, follow the steps:
-
Open the ADB Control service configuration page in ADCM.
-
Set the Show advanced flag.
-
Activate the HTTPS parameters enable switcher.
-
Fill in the following fields if you need to use your own certificates.
IMPORTANTIf no settings are filled in, ADB Control will create certificates by itself.
Parameter Description Default value Server certificate
Server certificate contents in the CRT format (*.crt file)
—
Server private key
Server private key contents (*.key file)
—
Verify system endpoints' certificates
A flag that indicates whether to verify certificates of system endpoints
false
Server JKS keystore path
A path to the keystore file in the JKS format for the ADB Control server part. For example, /opt/adcc/ssl/keystore.jks
—
Server JKS keystore password
A password that is used for connecting to
Server JKS keystore path
—
Server JKS truststore path
A path to the truststore file in the JKS format for the ADB Control server part. For example, /opt/adcc/ssl/truststore.jks
—
Server JKS truststore password
A password that is used for connecting to
Server JKS truststore path
—
Client JKS keystore path
A path to the keystore file in the JKS format for the ADB Control client part (ADB Control/ADBM agents). For example, /opt/ssl/keystore.jks
—
Client JKS keystore password
A password that is used for connecting to
Client JKS keystore path
—
Client JKS truststore path
A path to the truststore file in the JKS format for the ADB Control client part (ADB Control/ADBM agents). For example, /opt/ssl/truststore.jks
—
Client JKS truststore password
A password that is used for connecting to
Client JKS truststore path
—
Fill in the HTTPS parametersTIP-
The adcc_default.crt and adcc_default.key files for a self-signed certificate are created by default on the host where ADB Control is deployed. They are located in the /opt/adcc/ssl folder. You can specify these files for testing purposes.
-
For production systems, you should use a trusted certificate authority (CA) to sign certificates. To create a real SSL certificate and register it with the CA, use the openssl utility.
-
In case of expanding ADB, SSL certificates should be re-generated to add the corresponding
ServerAltNames
for new ADB hosts. -
To connect an external ADB cluster to existing ADB Control with SSL enabled, certificates with
ServerAltNames
for hosts of both ADB clusters should be specified in the settings of a main and an external ADB cluster.
-
-
Click Save.
-
Apply the Reconfigure & Restart action to the ADB Control service.
Apply changesAs a result, the following record is added to the /opt/adcc/nginx.conf configuration file on the host where ADB Control is deployed:
server { listen 8443 default_server ssl; server_name _; ssl_certificate /etc/nginx/conf.d/adcc_ssl.crt; ssl_certificate_key /etc/nginx/conf.d/adcc_ssl.key; ssl_prefer_server_ciphers on; return 302 https://10.92.40.122:8443$request_uri; }
After all steps are completed successfully, every attempt to connect to ADB Control via http://<ADB Control IP address>:81 will be automatically redirected to https://<ADB Control IP address>:8443. Due to using a self-signed certificate, the Not secure
message will be shown in a web browser.