- Zenoss 5.x
- Control Center 1.x
Depending on browser security settings, users connecting to a Control Center or Resource Manager instance may encounter warning messages stating the site's identity cannot be verified. These errors are generated by some browsers when a web server presents a self-signed certificate to the browser establishing an SSL connection. This KB describes how to configure Control Center 1.0.6 and Zenoss 5.x to use a digitally signed certificate after such a certificate is procured by the Zenoss administrator.
Perform the following to enable/configure the Zenoss host for SSL:
- Procure a new certificate for the Control Center hostname.
Note: The complete certificate bundle is required that includes CAs necessary to validate the certificate.
- Copy the new certificate to the Control Center host.
Edit the serviced file, for example:
$ vi /etc/default/serviced
- Search for and change the following lines in the file to add your path information.
Note: If the lines do not exist, append them to the bottom of the file.
- Save the file and exit the editor
- Reload serviced. For example:
sudo systemctl reload serviced
- If a valid certificate is needed for each individual endpoint, for example. zenoss5.[host], etc., a wildcard certificate is required. If wildcard certificates are not permissible in your environment, upgrading to Control Center 1.1.1 enables use of port-based virtual hosts instead of unique endpoint host names.
- Zenoss supports SAN (Subject Alternative Name) certificates in addition to wildcard certificates.
- If your end users access the user interface via a reverse proxy, the reverse proxy may provide the browser with its own SSL certificate. In that case, contact Zenoss Support for additional assistance.