Console Encryption
Enabling console encryption will cause all console-related traffic to be served over HTTPS instead of downgrading to HTTP. To enable console encryption, follow these steps.
Ensure that the certs installed on C2 are trusted by a certificate authority installed on your clients' web browsers. A self-signed certificate with a user-added security exception is not sufficient for the console feature to work in browsers other than Google Chrome.
Edit /var/opt/cloudbolt/proserv/customer_settings.py, adding the following lines and changing the certificate and key paths to match the paths that are set in /etc/httpd/conf.d/ssl.conf:
# The PEM-formatted SSL certs used by
# the webserver to provide HTTPS.
ENCRYPT_CONSOLE = True
SSL_CERT_PATH = "/etc/pki/tls/certs/localhost.crt"
SSL_KEY_PATH = "/etc/pki/tls/private/localhost.key"
Ensure the permissions of your certificate and key are set correctly by running these commands, replacing SSL_CERT_PATH and SSL_KEY_PATH with the values you set above:
$ chown apache:apache SSL_CERT_PATH SSL_KEY_PATH
$ chmod 400 SSL_CERT_PATH SSL_KEY_PATH
$ # Be sure that the ancestor directories of your certs have the executable bit
$ chmod +x <a list of your certificate's parent directories>
Restart CloudBolt by running:
$ service httpd restart
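To confirm that the ownership and permission step took effect before restarting, the shell helpers below can be used. This is an added example, not part of CloudBolt's documentation or tooling: the function names are hypothetical, GNU stat is assumed, and the directory check looks only at the "other" execute bit.

```shell
# check_tls_file USER:GROUP FILE
# Succeeds only if FILE is owned by USER:GROUP and has mode 400,
# matching the chown/chmod commands in the steps above.
check_tls_file() {
    want_owner=$1
    file=$2
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not found" >&2
        return 1
    fi
    owner=$(stat -c '%U:%G' "$file")   # GNU stat assumed
    mode=$(stat -c '%a' "$file")
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owner $owner, expected $want_owner" >&2
        rc=1
    fi
    if [ "$mode" != "400" ]; then
        echo "FAIL $file: mode $mode, expected 400" >&2
        rc=1
    fi
    return $rc
}

# dirs_missing_x FILE
# Prints every ancestor directory of FILE whose "other" execute (search)
# bit is clear; prints nothing when all of them can be traversed.
# Assumption: apache is neither owner nor group of those directories.
dirs_missing_x() {
    dir=$(dirname "$1")
    while :; do
        mode=$(stat -c '%a' "$dir" 2>/dev/null)
        case $mode in
            *[1357]) ;;              # odd last octal digit: o+x is set
            *) echo "$dir" ;;
        esac
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
}

# Usage with the paths from customer_settings.py on this page:
#   check_tls_file apache:apache /etc/pki/tls/certs/localhost.crt
#   check_tls_file apache:apache /etc/pki/tls/private/localhost.key
#   dirs_missing_x /etc/pki/tls/private/localhost.key
```

Any path printed by dirs_missing_x is a directory that still needs the chmod +x from the step above.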