NetIQ Documentation: NetIQ Cloud Manager 2.1.5 Application Server Installation Guide - Configuring the Cloud Manager Web Server to Use SSL

5.3 Configuring the Cloud Manager Web Server to Use SSL

If you choose to use SSL with Cloud Manager’s Jetty Web server, you need to provide Secure Socket Layer (SSL) information that the Cloud Manager Application Server can use to provide a secure connection.

When the configuration tool displays its SSL configuration segment, it immediately detects the existing DNS name of the server where you are performing the configuration. Because this DNS name must match the subject of the security certificate, you can change the DNS name to match the subject of an existing certificate.

The configuration tool lets you choose to use either a self-signed certificate generated by the server, or an existing certificate that you can import. The configuration is based on the details you provide after that initial determination:

Select 'yes' if you want to use an existing certificate for <detected _dns_hostname>. If you select 'no', NetIQ Cloud Manager will use a self-signed certificate.

Use existing certificate? (y/n):

Make sure you are prepared with the following information you are prompted to provide for configuring the Cloud Manager Web Server to use an imported SSL certificate:

Information Needed to Configure an Imported SSL Certificate	Description
Path to the Cloud Manager Server Certificate	Specify the path to an existing public certificate (in PEM format) that you want to import and use on this server. For example: /home/jdoe/cloudmgr/newcert.pem SSL is required if you want to use NCSS with Cloud Manager. If no SSL certificate exists, you can create one by using OpenSSL or YaST. Use your browser tools to export the certificate.
Path to the Cloud Manager Server Private Key	Specify the path to the private key file of this server. This must be the private key file (in PEM format) that is provided by your trusted certificate authority. For example: /home/jdoe/cloudmgr/newkey.pem
Private Keystore Password	Specify the password you want to use for decrypting the private key file exclusively for Cloud Manager. If you don’t want to use a password, press Enter when the tool prompts you with this question.

Information Needed to Configure an Imported SSL Certificate

Description

Path to the Cloud Manager Server Certificate

Specify the path to an existing public certificate (in PEM format) that you want to import and use on this server.

For example:

/home/jdoe/cloudmgr/newcert.pem

SSL is required if you want to use NCSS with Cloud Manager.

If no SSL certificate exists, you can create one by using OpenSSL or YaST. Use your browser tools to export the certificate.

Path to the Cloud Manager Server Private Key

Specify the path to the private key file of this server. This must be the private key file (in PEM format) that is provided by your trusted certificate authority.

For example:

/home/jdoe/cloudmgr/newkey.pem

Private Keystore Password

Specify the password you want to use for decrypting the private key file exclusively for Cloud Manager.

If you don’t want to use a password, press Enter when the tool prompts you with this question.