August 25th, 2022
Machine translation is used partially for this article. See the Japanese version for the original article.
Introduction
In EXPRESSCLUSTER X 4.0 and later, you can select HTTPS as the communication method for Cluster WebUI, the management GUI.
Up to the initial version of EXPRESSCLUSTER X 4.1 (Internal Ver. 4.1.0-1), OpenSSL 1.0.2 could be used; since the update EXPRESSCLUSTER X 4.1 (Internal Ver. 4.1.2-1), OpenSSL 1.1.1 can be used.
This article describes the settings for using OpenSSL 1.1.1 in a Linux environment.
For details on how to set it in the Windows environment, please refer to here.
1. Installing OpenSSL
Install OpenSSL on all servers constituting an HA cluster.
Cluster WebUI uses OpenSSL to communicate over HTTPS.
In a Linux environment, the OpenSSL provided by the distribution can be used.
If the required packages were not installed automatically when the OS was installed, install them.
Run the command line below to make sure OpenSSL 1.1.1 is installed.
If OpenSSL 1.1.1 is not installed, install it separately.
2. Creating a Private Key and a Server Certificate
Create a private key and a server certificate to be used for HTTPS communication.
This time, the server certificate is created as a self-signed certificate.
2.1 Create a Directory to Store the Private Key and the Server Certificate
Create a directory to store the private key and the server certificate.
This time, we will create "/ssl". Run the command line below.
2.2 Create a Private Key
Use the openssl command to create a private key.
This time, we will create "server.key".
# openssl genrsa -out server.key 2048
2.3 Create a Certificate Signing Request
Use the openssl command to create a certificate signing request.
This time, the file is named "server.csr".
When you run the command below, you are prompted interactively for information such as "Country Name"; set it according to your environment.
2.4 Create a Server Certificate
Use the openssl command to create a server certificate.
This time, the file is named "server.crt", and the certificate validity period is set to 3650 days.
2.5 Distribute the Private Key and the Server Certificate to Servers Constituting an HA Cluster
Distribute the private key and the server certificate that we created to all servers constituting the HA cluster. Store them at the same path on all servers.
This time, the private key and the server certificate are stored under "/ssl".
- Private key: /ssl/server.key
- Server Certificate: /ssl/server.crt
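Steps 2.1 to 2.4 as one non-interactive script, followed by a check to run on each server after the distribution in 2.5. This is an added example, not commands from the original article; the function names, the CN value, the file modes and the assumption that the service reading the files runs as root are not from the article.

```shell
#!/bin/sh
# Added example, not NEC's commands. DIR and CN are chosen by the caller.
# Assumption: the service that reads the key runs as root (owner-only modes).

# make_webui_cert DIR CN: steps 2.1-2.4 without interactive prompts.
make_webui_cert() (
    dir=$1; cn=$2
    umask 077                                   # new files are owner-only
    mkdir -p "$dir" || exit 1                   # 2.1 (the article uses /ssl)
    chmod 700 "$dir" || exit 1
    # 2.2 private key, same command as in the article
    openssl genrsa -out "$dir/server.key" 2048 || exit 1
    # 2.3 CSR; -subj supplies the subject instead of the "Country Name" prompts
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || exit 1
    # 2.4 self-signed certificate valid for 3650 days
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days 3650 -out "$dir/server.crt" || exit 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
)

# check_webui_cert DIR: run on each server after distribution (2.5).
check_webui_cert() (
    key=$1/server.key; crt=$1/server.crt
    # The private key must not be readable by group or others.
    mode=$(stat -c %a "$key") || exit 1
    case $mode in
        600|400) ;;
        *) echo "server.key mode $mode is too permissive" >&2; exit 1 ;;
    esac
    # The public key derived from server.key must equal the one in server.crt.
    k=$(openssl pkey -in "$key" -pubout | openssl sha256) || exit 1
    c=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ] || {
        echo "key and certificate do not match" >&2; exit 1; }
    # Fail if the certificate expires within 30 days (2592000 seconds).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null
)

# Stand-alone use as root: sh make-cert.sh /ssl node1.example.internal
[ "$#" -eq 0 ] || { make_webui_cert "$@" && check_webui_cert "$1"; }
```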
3. EXPRESSCLUSTER Settings
Register the private key and the server certificate that we created in EXPRESSCLUSTER.
In order to add it to the Cluster WebUI configuration, build the HA cluster once and then change the setting.
Select "Cluster Properties" in the Config mode of Cluster WebUI.
Select the "WebManager" tab of "Cluster Properties" and select "HTTPS" as the Communication Method.
Select the "Encryption" tab of "Cluster Properties" and set the paths of the certificate file and the other items.
- Certificate File: /ssl/server.crt
- Private Key File: /ssl/server.key
- SSL Library: /usr/lib64/libssl.so.1.1
- Crypto Library: /usr/lib64/libcrypto.so.1.1
After the setting is completed, apply the configuration file to the HA cluster.
Because this setting change switches the communication protocol to Cluster WebUI from HTTP to HTTPS, "Restart WebManager service" is executed.
4. Checking the Operation
After "Restart WebManager service" is completed, we can no longer connect with HTTP and need to connect with HTTPS. Therefore, the web browser screen that was connected to change the EXPRESSCLUSTER setting will not be updated.
Reconnect using the URL "https://IP address of the server:29003".
If the Cluster WebUI is displayed, the setting change is completed.
* A warning about the certificate is displayed because this setting uses a self-signed certificate.
Conclusion
This time, we introduced how to set up HTTPS using OpenSSL 1.1.1, which has become available in EXPRESSCLUSTER X 4.1 (Internal Ver. 4.1.2-1) and later. If you want to encrypt the connection to Cluster WebUI, enable the HTTPS setting.
Thank you for reading this article to the end.
If you consider introducing the configuration described in this article, you can perform a validation with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.