Ask Your Question
1

How to configure a self signed certificate for Horizon Dashboard in Openstack ?

asked 2019-01-27 21:55:52 -0500

Gokul Prasad Thangavel gravatar image

I installed the Openstack neutron version . I would like to configure a Self Signed SSL for the dashboard .

How to install it ?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2019-01-28 00:06:12 -0500

Eranachandran gravatar image

updated 2019-01-28 00:10:52 -0500

Enable ssl by typing this command sudo a2enmod ssl

Enabling ssl requires the apache2 service should be restarted, so restart apache by using this command service apache2 restart

Create a directory for the Self-Signed certificate by using sudo mkdir /etc/ssl

Generate Self-Signed Certificate by using the below command 

       sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048  - keyout  /etc/ssl/client.key -out /etc/ssl/client.crt 

         The above command generates client.key file and client.crt file

Convert the generated files into pem format by using follwing commands 

         cat client.key > /etc/ssl/client-key.pem 

         cat client.crt > /etc/ssl/client-cert.pem

Combine the client-key.pem and client-cert.pem by using this command cat client-key.pem client-cert.pem > client.pem

The client-key.pem is the keyfile and the client.pem is the certificate file for Self- signed certificate

Configuring SSL in /etc/apache2/sites-available/default-ssl.conf

 <IfModule mod_ssl.c>
         <VirtualHost _default_:443>
                 ServerAdmin your_email@example.com
                 ServerName server_domain_or_IP

                 DocumentRoot /var/www/html

                 ErrorLog ${APACHE_LOG_DIR}/error.log
                 CustomLog ${APACHE_LOG_DIR}/access.log combined

                 SSLEngine on

                 SSLCertificateFile       /etc/ssl/client.pem 
                 SSLCertificateKeyFile  /etc/ssl/client-key.pem 

                 <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                 SSLOptions +StdEnvVars
                 </FilesMatch>
                 <Directory /usr/lib/cgi-bin>
                                 SSLOptions +StdEnvVars
                 </Directory>

                 BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0

         </VirtualHost>  </IfModule>

After making these changes, your server block should look similar to this:

edit flag offensive delete link more

Comments

Thanks Eranachandran

Gokul Prasad Thangavel gravatar imageGokul Prasad Thangavel ( 2019-01-28 05:08:40 -0500 )edit

if this worked for you, accept an answer to avoiding too many answers

Eranachandran gravatar imageEranachandran ( 2019-01-28 05:35:52 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-01-27 21:55:52 -0500

Seen: 350 times

Last updated: Jan 28 '19

Related questions

OpenStack Horizon - LinkAction is not passing data to the view

Unable to launch Horizon Dashboard with Ocata on controller node

[Horizon] unable to view vnc console in <iframe> with SSL

Get full keystone token from horizon

Horizon access and security tab takes long time to load

compressor.py doesnt have the correct permissions when debug=true

NameError: name 'panel' is not defined

[kolla] horizon menus not working

Horizon KeyError: 'extensions' when logging in

"MissingSchema at /admin/" from havana dashboard