How to install singed Certificate on Openfiler (Virtual SAN)

In this post we will perform following tasks.

  1. Generate the New SSL Key from existing key.
  2. Generate CSR Request.
  3. Request the certificate from Microsoft CA.
  4. Install the newly signed certificate in openfiler.
  5. verify

This step is optional for our Lab.but I am going to configure it anyway because I want to use my signed certificate for every installation in my lab. this process will help you in production. if you want to install third party certificate such as external CA like VeriSign, geoturst etc. 

In this post, i am going to use my own windows certificate authority server. which i had installed in my cloud lab.if you don’t remember it. just click here

Let’s get started.

open your putty client and SSH on Openfiler machine.

Go to SSL Directory

#cd /opt/openfiler/etc/httpd/conf


Stop Openfiler service.

# Service Openfiler stop


Generate the New SSL key from existing key.

#openssl genrsa -out ssl.key/openfiler-dummy-server-1.key 2048


Generate CSR Request

#openssl req -new -key ssl.key/openfiler-dummy-server-1.key -out ssl.csr/openfiler-dummy-server-1.csr


Take the CSR file generated and get your certificate.

Login to SCP and copy the certificate request to CA Server (


Go to “/opt/Openfiler/etc/httpd/conf/ssl.csr” on open filer machine and copy the cert to your CA Server.

Use drag and drop for copy.


Request the Certificate from Mircrosoft CA.

Log in to the Microsoft CA certificate authority web interface. By default, it is http://<servername>/CertSrv/

Click “Request a certificate”.


Click “advanced certificate request”.


Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or “submit a renewal request by using a base-64-encoded PKCS #7” file.


Open the certificate request (openfiler-dummy-server-1.csr) file in a plain text editor.

Copy from —–BEGIN CERTIFICATE REQUEST—– to —–END CERTIFICATE REQUEST—– into the Saved Request box. Make sure no blank space exists in the start and end.


Click “VMWare Template” (which we created in CA Server installation section, if you don’t remember here.). 


Click “Submit” to submit the request.

Click “Base 64 encoded” on the Certificate issued screen.


Click “Download Certificate”.

*NOTE: Save the certificate on the desktop or any other drive of the server as “openfiler-dummy-server-1.crt”*


Install the Newly Signed Certificate in openfiler

Now copy your signed certificate back to Openfiler machine.

Use “WinSCP” to login on openfiler. From WinSCP change directory “/opt/Openfiler/etc/httpd/conf/ssl.crt” as shown below on right side windows


*NOTE: it’s not necessary to make the backup of orginal .crt file. But its already good practice to take backup before copy new one*

 Start the Openfiler service

# Service Openfiler start



Login to Openfiler web GUI (


You have noticed certificate warning is gone. See the yellow highlighted sign for trust CA.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s