cloudsoft.io

HTTPS configuration, installing your own certificate

You can use your own certificate on Visual Composer by installing it in a Java keystore. To do that you need access to your DNS server and your own certificate. Alternatively, you can keep using the self-signed certificate installed by default, but you will get a security message from your browser.

Typically, keys from a Certificate Authority are not provided in Java keystore format. To create a Java keystore from a CA certificate and public and private keys, first create a PKCS12 keystore from them, for example with openssl, and then convert it into a Java keystore with keytool.

You can connect to the instance console via SSH using the user ubuntu and the key provided for creating the instance. Remember to add an inbound rule to allow SSH traffic on port 22 and remove it from the security group when it is no longer needed.

For example, with a CA certificate ca.pem, and public and private keys cert.pem and key.pem, create the PKCS12 store server.p12, and then convert it into a keystore keystore.jks as follows:

% openssl pkcs12 -export -in cert.pem -inkey key.pem \
               -out server.p12 -name "cloudsoft" \
               -CAfile ca.pem -caname root -chain -passout pass:"password"

% keytool -importkeystore \
        -deststorepass "password" -destkeypass "password" -destkeystore <path-to-keystore-directory>/keystore.jks \
        -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass "password" \
        -alias "cloudsoft"

Now set up Visual Composer to use the keystore by modifying these properties in the file /etc/amp/org.ops4j.pax.web.cfg, replacing the passwords and keystore path with appropriate values, and then restart the server.

org.ops4j.pax.web.ssl.keystore = <path-to-keystore-directory>/keystore.jks
org.ops4j.pax.web.ssl.password = password
org.ops4j.pax.web.ssl.keypassword = password

The last step is to set up your DNS servers to redirect traffic through HTTPS.
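
A check to run on /etc/amp/org.ops4j.pax.web.cfg before restarting the server, as an added example that is not Cloudsoft's code: it flags sample passwords left in place, an unfilled keystore path, and a keystore or config file readable beyond its owner. The function names, the finding labels and the owner-only permission expectation are assumptions of this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not Cloudsoft code): audit the three pax-web SSL properties.
# Prints one finding per line; exit status is the number of findings.
# Assumption of this example: keystore and cfg should be owner-only.

# prop FILE KEY: value of "KEY = value" (last match wins, whitespace trimmed)
prop() {
    awk -v k="$2" '{ i = index($0, "="); if (!i) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == k) found = val } END { print found }' "$1"
}

# private FILE: true when group and other have no permission bits at all
private() {
    case "$(ls -ld "$1" | cut -c5-10)" in ------) return 0 ;; esac
    return 1
}

audit_pax_ssl() {
    cfg=$1 n=0 p=org.ops4j.pax.web.ssl
    for key in "$p.password" "$p.keypassword"; do
        case "$(prop "$cfg" "$key")" in
            '') echo "MISSING $key"; n=$((n + 1)) ;;
            password|changeit)   # doc sample value / well-known Java default
                echo "WEAK $key is a published sample or default"; n=$((n + 1)) ;;
        esac
    done
    ks=$(prop "$cfg" "$p.keystore")
    case "$ks" in
        '')    echo "MISSING $p.keystore"; n=$((n + 1)) ;;
        *'<'*) echo "PLACEHOLDER $p.keystore = $ks"; n=$((n + 1)) ;;
        *)  if [ ! -f "$ks" ]; then echo "NOFILE $ks"; n=$((n + 1))
            elif ! private "$ks"; then echo "PERMS $ks readable beyond owner"; n=$((n + 1)); fi ;;
    esac
    private "$cfg" || { echo "PERMS $cfg holds plaintext passwords"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the page's snippet left unedited, in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' 'org.ops4j.pax.web.ssl.keystore = <path-to-keystore-directory>/keystore.jks' \
    'org.ops4j.pax.web.ssl.password = password' \
    'org.ops4j.pax.web.ssl.keypassword = password' > "$demo/unedited.cfg"
chmod 644 "$demo/unedited.cfg"
audit_pax_ssl "$demo/unedited.cfg" || echo "findings: $?"
```

On the real host, call audit_pax_ssl /etc/amp/org.ops4j.pax.web.cfg as a user that can read the file; a zero exit status means none of these checks fired.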