How to install singed Certificate on Openfiler (Virtual SAN)

In this post we will perform following tasks.

  1. Generate the New SSL Key from existing key.
  2. Generate CSR Request.
  3. Request the certificate from Microsoft CA.
  4. Install the newly signed certificate in openfiler.
  5. verify

This step is optional for our Lab.but I am going to configure it anyway because I want to use my signed certificate for every installation in my lab. this process will help you in production. if you want to install third party certificate such as external CA like VeriSign, geoturst etc. 

In this post, i am going to use my own windows certificate authority server. which i had installed in my cloud lab.if you don’t remember it. just click here

Let’s get started.

open your putty client and SSH on Openfiler machine.

Go to SSL Directory

#cd /opt/openfiler/etc/httpd/conf

cloudlab7-virtualsan-61

Stop Openfiler service.

# Service Openfiler stop

cloudlab7-virtualsan-62

Generate the New SSL key from existing key.

#openssl genrsa -out ssl.key/openfiler-dummy-server-1.key 2048

cloudlab7-virtualsan-63

Generate CSR Request

#openssl req -new -key ssl.key/openfiler-dummy-server-1.key -out ssl.csr/openfiler-dummy-server-1.csr

cloudlab7-virtualsan-64

Take the CSR file generated and get your certificate.

Login to SCP and copy the certificate request to CA Server (192.168.150.2).

cloudlab7-virtualsan-65

Go to “/opt/Openfiler/etc/httpd/conf/ssl.csr” on open filer machine and copy the cert to your CA Server.

Use drag and drop for copy.

cloudlab7-virtualsan-66

Request the Certificate from Mircrosoft CA.

Log in to the Microsoft CA certificate authority web interface. By default, it is http://<servername>/CertSrv/

Click “Request a certificate”.

cloudlab7-virtualsan-67

Click “advanced certificate request”.

cloudlab7-virtualsan-68

Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or “submit a renewal request by using a base-64-encoded PKCS #7” file.

cloudlab7-virtualsan-69

Open the certificate request (openfiler-dummy-server-1.csr) file in a plain text editor.

Copy from —–BEGIN CERTIFICATE REQUEST—– to —–END CERTIFICATE REQUEST—– into the Saved Request box. Make sure no blank space exists in the start and end.

cloudlab7-virtualsan-70

Click “VMWare Template” (which we created in CA Server installation section, if you don’t remember it.click here.). 

cloudlab7-virtualsan-71

Click “Submit” to submit the request.

Click “Base 64 encoded” on the Certificate issued screen.

cloudlab7-virtualsan-72

Click “Download Certificate”.

*NOTE: Save the certificate on the desktop or any other drive of the server as “openfiler-dummy-server-1.crt”*

cloudlab7-virtualsan-73

Install the Newly Signed Certificate in openfiler

Now copy your signed certificate back to Openfiler machine.

Use “WinSCP” to login on openfiler. From WinSCP change directory “/opt/Openfiler/etc/httpd/conf/ssl.crt” as shown below on right side windows

cloudlab7-virtualsan-74

*NOTE: it’s not necessary to make the backup of orginal .crt file. But its already good practice to take backup before copy new one*

 Start the Openfiler service

# Service Openfiler start

cloudlab7-virtualsan-75

Verify

Login to Openfiler web GUI (https://cloud-vsan.vmlab.com:446)

cloudlab7-virtualsan-76

You have noticed certificate warning is gone. See the yellow highlighted sign for trust CA.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s