As far as version 8.4 I could not find CSR generator, so to generate CSR one need to use OpenSSL
If you don’t have OpenSSL
on your machine the easiest way is to SSH to your vROPs node and run commands from there:
- Generate a key pair by running this command:
openssl genrsa -out key_filename.key 2048
- Use the key to generate a certificate signing request by running this command:
openssl req -new -key key_filename.key -out certificate_request.csr
NOTE: if you want to include SAN or multiple SANs to you CSR you need to use req.config.
How to use req.conf – > Click here
- Submit the CSR file to your Certificate Authority (CA) to obtain a signed certificate.
- From your Certificate Authority, download the certificate and the complete issuing chain (one or more certificates). Download them in Base64 format.
- Enter the command to create a single PEM file containing all certificates and the private key. (Also you can use Notepad or any other text editor)
cat server_cert.cer key_filename.key chain_cert1.cer chain_cert2 > multi_part.pem
The finished PEM file should look similar to the following example, where the number of CERTIFICATE sections depends on the length of the issuing chain:
-----BEGIN CERTIFICATE----- (Your Primary SSL certificate: your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- (Your Private Key: your_domain_name.key) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate: DigiCertCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate: TrustedRoot.crt) -----END CERTIFICATE-----
NOTE: The certificates applied through the vRealize Operations Manager Admin UI will be used only for securely connecting and serving the user interfaces to (external) clients. If you add cert via User UI it will be added but it will not be in use
Install a PEM in vRealize Operations:
- In a Web browser, navigate to the vRealize Operations administration interface.
https://vrops-node-FQDN-or-IP/admin
- Log in with the admin username and password.
- At the upper right, click the yellow SSL Certificate icon.
- In the SSL Certificate window, click Install New Certificate
- Click Browse for certificate.
- Locate the certificate .pem file, and click Open to load the file in the Certificate Information text box.
NOTE: The certificate file must contain a valid private key and a valid certificate chain.
- Click Install.
NOTE: vROps may responding or display white page. Simply refresh your browser.
If you need explanation or you do have any questions related to this issue, please do not hesitate to leave the comment.
Visit my FB page: https://www.facebook.com/AngrySysOps
Subscribe to my YouTube channel: https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A