In this post we will perform the following tasks.
- Generate a new SSL key to replace the existing key.
- Generate the CSR.
- Request the certificate from the Microsoft CA.
- Install the newly signed certificate in Openfiler.
This step is optional for our lab, but I am going to configure it anyway because I want to use my signed certificate for every installation in my lab. This process will also help you in production if you want to install a third-party certificate from an external CA such as VeriSign, GeoTrust, etc.
In this post, I am going to use my own Windows certificate authority server, which I installed in my cloud lab. If you don’t remember it, just click here.
Let’s get started.
Open your PuTTY client and SSH to the Openfiler machine.
Go to the SSL directory.
Stop the Openfiler service.
# service openfiler stop
Generate a new SSL key to replace the existing key.
# openssl genrsa -out ssl.key/openfiler-dummy-server-1.key 2048
Generate the CSR.
# openssl req -new -key ssl.key/openfiler-dummy-server-1.key -out ssl.csr/openfiler-dummy-server-1.csr
Take the generated CSR file and use it to get your certificate.
Log in with SCP and copy the certificate request to the CA server (192.168.150.2).
Go to “/opt/Openfiler/etc/httpd/conf/ssl.csr” on the Openfiler machine and copy the certificate request to your CA server.
Use drag and drop to copy.
Request the certificate from the Microsoft CA.
Log in to the Microsoft CA certificate authority web interface. By default, it is http://<servername>/CertSrv/
Click “Request a certificate”.
Click “advanced certificate request”.
Click “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file”.
Open the certificate request (openfiler-dummy-server-1.csr) file in a plain text editor.
Copy everything from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST----- into the Saved Request box. Make sure there is no blank space at the start or end.
Click “VMWare Template” (which we created in the CA Server installation section; if you don’t remember it, click here).
Click “Submit” to submit the request.
Click “Base 64 encoded” on the Certificate issued screen.
Click “Download Certificate”.
*NOTE: Save the certificate on the desktop or any other drive of the server as “openfiler-dummy-server-1.crt”*
Install the newly signed certificate in Openfiler
Now copy your signed certificate back to the Openfiler machine.
Use “WinSCP” to log in to Openfiler. In WinSCP, change to the directory “/opt/Openfiler/etc/httpd/conf/ssl.crt” in the right-hand window.
*NOTE: It’s not necessary to make a backup of the original .crt file, but it is good practice to take a backup before copying the new one.*
Start the Openfiler service
# service openfiler start
Log in to the Openfiler web GUI (https://cloud-vsan.vmlab.com:446)
You will notice that the certificate warning is gone. See the yellow-highlighted sign for the trusted CA.
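A check worth running after the signed certificate has been copied back and before the service is started, as an added example that is not part of the original post: it uses openssl to confirm that the CSR and the issued certificate carry the public key of the key generated above, and that the certificate is inside its validity period. The function names, the script name check.sh and the sample files are hypothetical; the sample certificate is self-signed and only stands in for the CA-issued one.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the certificate
# returned by the CA. All file names are supplied by the caller.

# Print the public key (PEM) held in an RSA private key, a CSR or a certificate.
pubkey_of() {
    case "$1" in
        key)  openssl rsa  -in "$2" -pubout        2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if the certificate carries the public key of this private key.
# A mismatch (e.g. a certificate issued for another CSR) means the pair is unusable.
cert_matches_key() {
    k=$(pubkey_of key "$1") && c=$(pubkey_of cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the CSR was generated from this private key.
csr_matches_key() {
    k=$(pubkey_of key "$1") && r=$(pubkey_of csr "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$r" ]
}

# Succeed only if the certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Constructed sample input: two throwaway keys, a CSR and a 30-day self-signed
# certificate (stand-in for the CA-issued one), written to the directory in $1.
make_sample() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=sample.invalid" -out "$1/a.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/a.csr" -signkey "$1/a.key" -days 30 -out "$1/a.crt" 2>/dev/null
}

# Usage (hypothetical script name): sh check.sh <key> <csr> <crt>
if [ $# -eq 3 ]; then
    csr_matches_key "$1" "$2"  && echo "CSR matches key"  || echo "CSR does NOT match key"
    cert_matches_key "$1" "$3" && echo "cert matches key" || echo "cert does NOT match key"
    cert_not_expiring "$3"     && echo "cert is within validity" || echo "cert expired or unreadable"
fi
```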