(Based on Citrix support knowledgebase document)
Back up and edit /etc/cloud/management/server.xml. By default the HTTPS configuration is commented out, so uncomment it and update it as necessary. Note that Tomcat runs as the "cloud" user and not root, so an unprivileged port (1025/tcp or above) must be used and the keystore file will need appropriate permissions. Set keystorePass to the password you will use for the certificate. This is a sample of the relevant section:
    <!-- Define a SSL HTTP/1.1 Connector on port 10285
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="10285" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreType="PKCS12"
               keystoreFile="conf/cloud-localhost.pk12"
               keystorePass="password" />
Obtain Certificate
Alternately, you can generate a CSR to be signed by a valid CA; implementation is (for now) left as an exercise for the reader. Either way, the certificate must be stored in a keystore, as described below.
Generate Keystore
Create a PKCS12 format keystore using the private key and signed certificate:
    openssl pkcs12 -export -in cloud.crt -inkey cloud.key -name cloud -passout pass:password > /usr/share/cloud/management/conf/cloud-localhost.pk12
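A pre-restart check for the connector and keystore settings above, written as an added example (it is not from the Citrix document or from CloudStack). The function names and the base-directory argument are assumptions; a relative keystoreFile is assumed to resolve against /usr/share/cloud/management, as the paths on this page imply.

```sh
#!/bin/sh
# Added example, not from the original page: checks to run before the restart.

# Print server.xml as one line with XML comments removed, so a connector
# that is still commented out is not mistaken for an active one.
strip_comments() {
    { tr '\n' ' ' < "$1"; echo; } | awk '{
        s = $0
        while ((i = index(s, "<!--")) > 0) {
            rest = substr(s, i + 4)
            j = index(rest, "-->")
            s = substr(s, 1, i - 1) (j ? substr(rest, j + 3) : "")
        }
        print s
    }'
}

# Print attribute $2 of the first active Connector that has SSLEnabled="true".
ssl_connector_attr() {
    strip_comments "$1" | tr '>' '\n' | grep '<Connector ' |
        grep 'SSLEnabled="true"' | head -n 1 |
        sed -n "s/.* $2=\"\([^\"]*\)\".*/\1/p"
}

# $1 = server.xml, $2 = directory a relative keystoreFile resolves against
# (assumed to be /usr/share/cloud/management, matching the paths above).
# Prints one line per problem and returns non-zero if any check fails.
check_https_config() {
    rc=0
    port=$(ssl_connector_attr "$1" port)
    ks=$(ssl_connector_attr "$1" keystoreFile)
    pass=$(ssl_connector_attr "$1" keystorePass)
    [ -n "$port" ] || { echo "no active SSL connector found"; return 1; }
    # Tomcat runs as the unprivileged "cloud" user and cannot bind low ports.
    [ "$port" -ge 1025 ] || { echo "port $port needs root to bind"; rc=1; }
    [ "$pass" != "password" ] || { echo "keystorePass is still the sample value"; rc=1; }
    case $ks in /*) ;; *) ks=$2/$ks ;; esac
    if [ ! -r "$ks" ]; then
        echo "keystore $ks is missing or unreadable by $(id -un)"; rc=1
    elif [ -n "$(find "$ks" -perm -004)" ]; then
        echo "keystore $ks is world-readable"; rc=1
    fi
    return $rc
}

# Usage (run as the "cloud" user): sh check.sh <server.xml> <base directory>
if [ $# -eq 2 ]; then check_https_config "$1" "$2"; fi
```

Running it as the "cloud" user makes the readability test reflect what Tomcat will actually see when it opens the keystore.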
Restart CloudStack
Configure iptables