Ask Your Question
1

How to configure a self signed certificate for Horizon Dashboard in Openstack ?

asked 2019-01-27 21:55:52 -0600

Gokul Prasad Thangavel gravatar image

I installed the Openstack neutron version . I would like to configure a Self Signed SSL for the dashboard .

How to install it ?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2019-01-28 00:06:12 -0600

Eranachandran gravatar image

updated 2019-01-28 00:10:52 -0600

Enable ssl by typing this command sudo a2enmod ssl

Enabling ssl requires the apache2 service should be restarted, so restart apache by using this command service apache2 restart

Create a directory for the Self-Signed certificate by using sudo mkdir /etc/ssl

Generate Self-Signed Certificate by using the below command 

       sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048  - keyout  /etc/ssl/client.key -out /etc/ssl/client.crt 

         The above command generates client.key file and client.crt file

Convert the generated files into pem format by using follwing commands 

         cat client.key > /etc/ssl/client-key.pem 

         cat client.crt > /etc/ssl/client-cert.pem

Combine the client-key.pem and client-cert.pem by using this command cat client-key.pem client-cert.pem > client.pem

The client-key.pem is the keyfile and the client.pem is the certificate file for Self- signed certificate

Configuring SSL in /etc/apache2/sites-available/default-ssl.conf

 <IfModule mod_ssl.c>
         <VirtualHost _default_:443>
                 ServerAdmin your_email@example.com
                 ServerName server_domain_or_IP

                 DocumentRoot /var/www/html

                 ErrorLog ${APACHE_LOG_DIR}/error.log
                 CustomLog ${APACHE_LOG_DIR}/access.log combined

                 SSLEngine on

                 SSLCertificateFile       /etc/ssl/client.pem 
                 SSLCertificateKeyFile  /etc/ssl/client-key.pem 

                 <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                 SSLOptions +StdEnvVars
                 </FilesMatch>
                 <Directory /usr/lib/cgi-bin>
                                 SSLOptions +StdEnvVars
                 </Directory>

                 BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0

         </VirtualHost>  </IfModule>

After making these changes, your server block should look similar to this:

edit flag offensive delete link more

Comments

Thanks Eranachandran

Gokul Prasad Thangavel gravatar imageGokul Prasad Thangavel ( 2019-01-28 05:08:40 -0600 )edit

if this worked for you, accept an answer to avoiding too many answers

Eranachandran gravatar imageEranachandran ( 2019-01-28 05:35:52 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-01-27 21:55:52 -0600

Seen: 584 times

Last updated: Jan 28 '19

Related questions

Horizon slow --> causes ?

Error: Unauthorized on dashboard

Centos 7 Horizon 500 mod_wsgi errors

Multidomain Horizon Dashboard

How do I change the theme/branding?

Need to install horizon test environment

kolla-ansible horizon problems

Keeping track of tokens

Error 500 when loading OpenStack Dashboard

Apache error log is throwing errors for every openstack components