SSL encryption
You can secure communication between ADB Control web server and clients using the HTTPS protocol, which is based on SSL encryption. To configure an access to ADB Control via HTTPS, follow the steps:
-
Open the ADB Control service configuration page in ADCM.
-
Set the Show advanced flag.
-
Activate the HTTPS parameters enable switcher.
-
Fill in the following fields if you need to use your own certificates.
IMPORTANTIf no settings are filled in, ADB Control will create certificates by itself.
Parameter Description Default value Server certificate
Server certificate contents in the CRT format (*.crt file)
—
Server private key
Server private key contents (*.key file)
—
Verify system endpoints' certificates
A flag that indicates whether to verify certificates of system endpoints.
When using the Verify system endpoints' certificates option in the ADB Control configuration with self-signed certificates, ensure that you added the root and intermediate CA certificates to the OS trusted root certificate stores.
In order to use the Verify system endpoints' certificates option with your own certificates, for proper verification, add the ADB Control IP address to the
CN
field of the san.cnf file (SAN
) and exclude DNS from thealt_names
section (leave only IP)false
Server JKS keystore path
A path to the keystore file in the JKS format for the ADB Control server part. For example, /opt/adcc/ssl/keystore.jks
—
Server JKS keystore password
A password that is used for connecting to
Server JKS keystore path
—
Server JKS truststore path
A path to the truststore file in the JKS format for the ADB Control server part. For example, /opt/adcc/ssl/truststore.jks
—
Server JKS truststore password
A password that is used for connecting to
Server JKS truststore path
—
Client JKS keystore path
A path to the keystore file in the JKS format for the ADB Control client part (ADB Control/ADBM agents). For example, /opt/ssl/keystore.jks
—
Client JKS keystore password
A password that is used for connecting to
Client JKS keystore path
—
Client JKS truststore path
A path to the truststore file in the JKS format for the ADB Control client part (ADB Control/ADBM agents). For example, /opt/ssl/truststore.jks
—
Client JKS truststore password
A password that is used for connecting to
Client JKS truststore path
—
Fill in the HTTPS parametersTIP-
The adcc_default.crt and adcc_default.key files for a self-signed certificate are created by default on the host where ADB Control is deployed. They are located in the /opt/adcc/ssl folder. You can specify these files for testing purposes.
-
For production systems, you should use a trusted certificate authority (CA) to sign certificates. To create a real SSL certificate and register it with the CA, use the openssl utility.
-
In case of expanding ADB, SSL certificates should be re-generated to add the corresponding
ServerAltNames
for new ADB hosts. -
To connect an external ADB cluster to existing ADB Control with SSL enabled, certificates with
ServerAltNames
for hosts of both ADB clusters should be specified in the settings of a main and an external ADB cluster.
-
-
Click Save.
-
Apply the Reconfigure & Restart action to the ADB Control service.
Apply changes
After all steps are completed successfully, the ADB Control server port (by default, 81
) will be used for SSL. The ADB Control address will look as follows: https://<ADB Control IP address>:81.