8.1 Enabling a Secure Connection

A secure connection requires certificate authentication between the Cloud Manager Application Server and the Cloud Manager Orchestration Server.

The first time it is started, the Cloud Manager Web Service creates a keystore, generates a public/private key pair, and exports the public key to a certificate. The Web Service is started automatically as part of the Cloud Manager Orchestration Server startup or manually by using the following command:

/etc/init.d/novell-pso-ws start

To complete the configuration of the secure connection, import the Cloud Manager Web Service’s public certificate into the Cloud Manager Application Server trust store and configure the secure port for the Cloud Manager Web Service. The following sections provide instructions:

8.1.1 Configuring the Cloud Manager Web Service Secure Port

By default, the Cloud Manager Web Service listens on port 8443. You can change this port if necessary.

  1. On the Cloud Manager Orchestration Server, open the jetty-ssl.xml file:

    /etc/opt/novell/pso-ws/jetty/jetty-ssl.xml

  2. Locate the <Call name="addConnector"> section. It looks similar to the following:

    <Call name="addConnector">
      <Arg>
        <New class="org.mortbay.jetty.security.SslSocketConnector">
          <Set name="Port">8443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="handshakeTimeout">2000</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="." 
            />/etc/keystore</Set>
          <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
          <Set name="truststore"><SystemProperty name="jetty.home"
            default="." />/etc/keystore</Set>
          <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="handshakeTimeout">2000</Set>
        </New>
      </Arg>
    </Call>
    
  3. In the <Set name="Port"> directive, change the port number.

    When adding the Cloud Manager Orchestration Server as a zone in the Cloud Manager Application Console, you specify this port as the server port.

  4. Save the jetty-ssl.xml file.

  5. Restart the Cloud Manager Web Service:

    /etc/init.d/novell-pso-ws restart
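
The port change in steps 1 through 5 can be scripted so that the edit is validated and reversible. This is an added example, not part of the original documentation or the product: the helper names get_ws_port and set_ws_port, the script name set-ws-port.sh and the port 9443 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). get_ws_port and set_ws_port are hypothetical
# helper names; the file path and restart command are the ones given above.

# Print the port from the <Set name="Port"> directive in a jetty-ssl.xml file.
get_ws_port() {
    sed -n 's/.*<Set name="Port">\([0-9][0-9]*\)<\/Set>.*/\1/p' "$1" | head -n 1
}

# Usage: set_ws_port FILE NEW_PORT
# Rewrites only the Port directive and keeps the previous file as FILE.bak.
set_ws_port() {
    file=$1
    port=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Accept only a plain decimal TCP port (1-65535, no leading zero).
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }

    # Refuse to edit unless exactly one Port directive is present, so a
    # file with an unexpected layout is never half-modified.
    count=$(grep -c '<Set name="Port">[0-9][0-9]*</Set>' "$file") || true
    [ "$count" -eq 1 ] || { echo "expected 1 Port directive, found $count" >&2; return 1; }

    # The file also holds the keystore passwords (Jetty OBF: values are
    # reversible obfuscation), so cp -p keeps the backup's mode and owner.
    cp -p "$file" "$file.bak" || return 1
    sed 's|<Set name="Port">[0-9][0-9]*</Set>|<Set name="Port">'"$port"'</Set>|' \
        "$file.bak" > "$file" || return 1

    # Confirm the change before the service is restarted.
    [ "$(get_ws_port "$file")" = "$port" ]
}

# Run as: sh set-ws-port.sh /etc/opt/novell/pso-ws/jetty/jetty-ssl.xml 9443
# then restart the service: /etc/init.d/novell-pso-ws restart
if [ "$#" -eq 2 ]; then
    set_ws_port "$1" "$2"
fi
```

After the restart, use the same port as the server port when adding the Cloud Manager Orchestration Server as a zone in the Cloud Manager Application Console.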