Foglight for Virtualization 7.0 Standard uses Tomcat under the covers to serve the web interface. To replace the SSL certificate, follow the instructions below. I started with a password-protected PFX file that had the password foglight.

  1. Copy the PFX file to the /usr/local/tomcat/conf directory on the server
  2. Run the following to convert the PFX into a Java keystore file, entering foglight for all password prompts:

    /usr/local/jre1.6.0_43/bin/keytool -importkeystore -srckeystore /usr/local/tomcat/conf/foglight.pfx -srcstoretype pkcs12 -destkeystore /usr/local/tomcat/conf/foglight.jks -deststoretype JKS

  3. Open /usr/local/tomcat/conf/server.xml in your favourite editor
  4. Replace the SSL Connector section with the following:

    <Connector server="VKernel" port="443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    SSLEnabled="true" keystoreFile="conf/foglight.jks"
    keystorePass="foglight" clientAuth="false" sslProtocol="TLS"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" />
  5. Restart Tomcat with service tomcat restart

After a restart, the web interface will now be using the new certificate.
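
A sanity check for steps 2 to 4, as an added example that is not part of the original post: it confirms that the keystore named on the SSL Connector exists and that neither it nor server.xml, which holds keystorePass in clear text, is readable by every local user. The function names are hypothetical, and it assumes a relative keystoreFile resolves against the Tomcat base directory (/usr/local/tomcat in the steps above).

```shell
# Added example: check the HTTPS Connector before restarting Tomcat.
# Function names are hypothetical; paths follow the steps above.

# Print the first live <Connector> with SSLEnabled="true" on one line.
# XML comments are stripped first so a commented-out Connector is ignored.
ssl_connector() {
    tr '\n' ' ' < "$1" | awk '{ gsub(/<!--([^-]|-[^-])*-->/, ""); print }' |
        grep -o '<Connector[^>]*>' | grep 'SSLEnabled="true"' | head -n 1
}

# Print the value of attribute $2 on that Connector in file $1.
connector_attr() {
    ssl_connector "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Succeed if "other" users have read permission on file $1.
world_readable() { [ "$(ls -ld "$1" | cut -c8)" = "r" ]; }

# $1 = Tomcat base directory. Returns 0 only if the keystore named in
# server.xml exists and neither file is world-readable (server.xml holds
# keystorePass in clear text).
check_connector() {
    xml="$1/conf/server.xml"
    ks=$(connector_attr "$xml" keystoreFile)
    [ -n "$ks" ] || { echo "FAIL: no keystoreFile on the SSL Connector"; return 1; }
    case $ks in /*) ;; *) ks="$1/$ks" ;; esac   # relative path: resolve against base
    [ -f "$ks" ] || { echo "FAIL: keystore not found: $ks"; return 1; }
    for f in "$xml" "$ks"; do
        if world_readable "$f"; then echo "FAIL: world-readable: $f"; return 1; fi
    done
    echo "OK: $ks"
}

# Demo on a constructed tree (not the appliance's real files).
demo=$(mktemp -d)
mkdir "$demo/conf"
: > "$demo/conf/foglight.jks"
cat > "$demo/conf/server.xml" <<'EOF'
<Server><Service name="Catalina">
  <!-- <Connector port="8443" SSLEnabled="true" keystoreFile="conf/old.jks" /> -->
  <Connector port="443" scheme="https" secure="true"
   SSLEnabled="true" keystoreFile="conf/foglight.jks"
   keystorePass="foglight" clientAuth="false" sslProtocol="TLS" />
</Service></Server>
EOF
chmod 600 "$demo/conf/server.xml" "$demo/conf/foglight.jks"
check_connector "$demo"
```

On the appliance the call would be check_connector /usr/local/tomcat, run before the restart in step 5.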

For reference, the username and password for the appliance are vkernel/vkernel and the su password is password.