Tasks / Configure SSL |
This topic details tasks to configure SSL for the User-Facing Services (UFS).
Eucalyptus uses a PKCS12-format keystore. If you are using a certificate signed by a trusted root CA, perform the following steps.
euctl bootstrap.webservices.ssl.server_alias=[key_alias] euctl bootstrap.webservices.ssl.server_password=[export_password]
To direct all user facing services requests to use port 443 instead of using 8773, run the following commands on the CLC:
euctl bootstrap.webservices.port=443 euctl bootstrap.webservices.default_ec2_uri_scheme=https euctl bootstrap.webservices.default_euare_uri_scheme=https euctl bootstrap.webservices.default_s3_uri_scheme=https
To enable SSL, both the UFS and CLC must be restarted. Restart the UFS and CLC by running service eucalyptus-cloud restart or
/etc/init.d/eucalyptus-cloud restart