Certificates
In order to provide a HTTPS connection between the different components, a SSL certificate is required for each of the hosts. Customers are recommend to use their own manager certificates on each of the host. For non-production workloads, a self-signed SSL certificate can be used. For more information on creating a self-signed cert see Generating a self-signed certificate.
See instructions below on how to configure the different Amazon DCV Access Console components to use certificates.
Authentication Server
-
Connect to the host that is running the Authentication Server.
-
Open
/etc/dcv-access-console-auth-server/access-console-auth-server-secrets.propertieswith your preferred editor and update the following properties:-
server.ssl.key-store-type– Set toPKCS12. -
server.ssl.key-store– Set to path of the JKS keystore. -
server.ssl.enabled– Set to true. -
server.ssl.key-store-password– Set to key store password.
-
-
Restart the Handler service.
sudo systemctl restart dcv-access-console-auth-server
Handler
-
Connect to the host that is running the Handler
-
Open
/etc/dcv-access-console-handler/access-console-handler-secrets.propertieswith your preferred editor and update the following properties:-
server.ssl.key-store-type– Set toPKCS12. -
server.ssl.key-store– Set to path of the JKS key store. -
server.ssl.enabled– Set to true. -
server.ssl.key-store-password– Set to key store password.
-
-
Restart the Handler service.
sudo systemctl restart dcv-access-console-handler
Web Client/NGNIX
-
Connect to the host that is running NGNIX.
-
Open
/etc/nginx/conf.d/dcv-access-console.confwith your preferred editor and update the following properties:-
ssl_certificate– Set to path to the certificate for the host. -
ssl_certificate_key– Set to path to the key for the certificate.
-
-
Restart the NGNIX service.
sudo systemctl restart ngnix
