6.6. Accessing the Admin Panel via SSL

When configuring various Virtuozzo Infrastructure Platform features, you may need to enter sensitive information like credentials for user and e-mail accounts, S3 services, and such. The system uses a pre-generated self-signed certificate by default, and you may want to upload one issued by a trusted CA instead.

Note the following before you proceed:

  1. If you want to upload an SSL certificate before creating the HA cluster, you will need one issued for admin panel’s current IP address. If you later create the HA cluster, the admin panel will move to the chosen virtual IP address, and you will need another SSL certificate issued for that address.

  2. When you create or destroy the HA cluster, the current certificate is overwritten by a self-signed one generated by the system. You will need to re-upload your certificate and key from a trusted CA after completing either operation.

  3. If you acquired an SSL certificate from an intermediate certificate authority (CA), you should have an end-user certificate along with a CA bundle that contains the root and intermediate certificates. To be able to use these certificates, you need to merge them into a chain first. A certificate chain includes the end-user certificate, the certificates of intermediate CAs, and the certificate of a trusted root CA. In this case, an SSL certificate can only be trusted if every certificate in the chain is properly issued and valid.

    For example, if you have an end-user certificate, two intermediate CA certificates, and a root CA certificate, create a new certificate file and add all certificates to it in the following order:

    # End-user certificate issued by the intermediate CA 1
    -----BEGIN CERTIFICATE-----
    MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1X<...>
    -----END CERTIFICATE-----
    # Intermediate CA 1 certificate issued by the intermediate CA 2
    -----BEGIN CERTIFICATE-----
    MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9ON9<...>
    -----END CERTIFICATE-----
    # Intermediate CA 2 certificate issued by the root CA
    -----BEGIN CERTIFICATE-----
    MIIC8jCCAdqgAwIBAgICZngwDQYJKoZIhvcN<...>
    -----END CERTIFICATE-----
    # Root CA certificate
    -----BEGIN CERTIFICATE-----
    MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqG<...>
    -----END CERTIFICATE-----
    

To upload an SSL certificate, do the following:

  1. On the SETTINGS > Management node > SSL ACCESS tab, click Upload.
  2. Upload an SSL certificate issued for admin panel’s current IP address.
  3. Upload the private key. This option shows after uploading a valid certificate.
  4. Click SAVE.

The uploaded certificate will be added to the configuration of the web server that hosts the admin panel and you will be able to access it over HTTPS.

You can also generate a new self-signed certificate instead of the one used by default. However, it will not be trusted and you will have to manually accept it in your browser.