SSL Encrypt CB/VMware Console Sessions

Console Encryption 

Enabling console encryption will cause all console-related traffic to be served over HTTPS instead of downgrading to HTTP. To enable console encryption follow these steps.

Ensure that the certs installed on C2 are trusted by a certificate authority installed on your client's web browsers. A self-signed certificate with user-added security exception is not sufficient for the console feature to work in browsers other than Google Chrome.

Edit /var/opt/cloudbolt/proserv/, adding the following lines and changing the certificate and key paths to match the paths that are set in /etc/httpd/conf.d/ssl.conf:

# The PEM-formatted SSL certs used by
# the webserver to provide HTTPS.
SSL_CERT_PATH = "/etc/pki/tls/certs/localhost.crt"
SSL_KEY_PATH = "/etc/pki/tls/private/localhost.key"

Ensure the permissions of your certificate and key are set correctly by running these commands, replacing SSL_CERT_PATH and SSL_KEY_PATH with the values you set above:

$ chown apache:apache SSL_CERT_PATH SSL_KEY_PATH
$ # Be sure that the ancestor directories of your certs have the executable bit 
$ chmod +x <a list of your certificate's parent directories>

Restart CloudBolt by running:

$ service httpd restart

Have more questions? Submit a request


  • 0
    Japie Botha

    Very helpful thanks Rick.

Please sign in to leave a comment.