
Encrypting VMDashboard with a self-signed cert

As a security recommendation, it is always good practice to encrypt the data you send across the Internet. You can encrypt both your VMDashboard connection and the VNC connection to your virtual machines.

With the Apache web server on Ubuntu you can enable https traffic using the following command:
sudo a2enmod ssl

Ubuntu already has a configuration set up for use with a self-signed certificate. It can be activated by using the following command:
sudo a2ensite default-ssl.conf

You will need to restart/reload the Apache web server to apply the SSL connection. Use the following command:
sudo systemctl restart apache2

The VNC connection will default to using the protocol of your web connection. If you wish to use https with VNC, you will need to create a certificate. By default, the noVNC app that comes with VMDashboard looks for a cert called self.pem in the /etc/ssl/ directory.

To create the certificate for the VNC connection, navigate to the /etc/ssl/ directory.
cd /etc/ssl/

Create the certificate by using the following command:
sudo openssl req -x509 -days 365 -new -nodes -out self.pem -keyout self.pem

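Now change the permissions of the self.pem file. Because the command above writes the private key into the same file as the certificate, mode 755 leaves the key readable by every local user on the host; if other people have accounts on the server, a tighter mode that still lets the VNC process read the file is preferable.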
sudo chmod 755 self.pem

If you have already used VMDashboard, you will need to kill the existing VNC process. To find it, use netstat to look up the ID of the process that is listening on port 6080.
sudo netstat -tulpn | grep 6080

Now kill the process. For example, if the process was numbered 29226, you would kill it using the command:
sudo kill 29226

Now when you log into VMDashboard, the VNC software will use the self-signed cert. Because it is self-signed, your browser will not trust it. To trust the certificate, visit your URL:6080 and click the Advanced button on the screen. For example, if I were using 192.168.1.2 to view the web interface I would use https://192.168.1.2:6080.
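
A quick way to confirm that self.pem really holds a certificate and its matching private key, that the certificate has not expired, and whether the key is readable by other local users. This script is an added example, not part of the original post or of VMDashboard; the function names check_pem and key_world_readable are made up for illustration, and it assumes the openssl command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for a combined certificate+key PEM such as
# /etc/ssl/self.pem. Function names are hypothetical, not part of VMDashboard.

# Returns 0 when "others" can read the file, i.e. any local user can copy the key.
key_world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Returns 0 only if the file holds a certificate and its matching private key
# and the certificate has not expired. Other return codes name the failure.
check_pem() {
    pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    # Public key as recorded in the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) \
        || { echo "no usable certificate in $pem" >&2; return 3; }
    # Public key derived from the private key stored in the same file.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) \
        || { echo "no usable private key in $pem" >&2; return 4; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "certificate and key do not match" >&2; return 5; }
    # -checkend 0 fails once notAfter has passed (365 days after creation here).
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 6; }
    # Show what the browser will be asked to trust.
    openssl x509 -in "$pem" -noout -subject -enddate
    if key_world_readable "$pem"; then
        echo "warning: private key in $pem is readable by all local users" >&2
    fi
    return 0
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_pem "$1"
fi
```

Saved under a name of your choice, it is run with the PEM path as its only argument, for example /etc/ssl/self.pem. Exit status 0 means the certificate and key match and the certificate is still valid.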
