Generate Key Pairs and Certificate Signing Requests for vSphere Replication

Generate key pair and certificate signing request (CSR) files that you can use to obtain CA-signed certificates for vSphere Replication.

About this task

|File Name|vSphere Replication in Region A|vSphere Replication in Region B|
|:-------|:-------|:-------|
|CSR File Name|mgmt01vrms01.sfo01_ssl.csr|mgmt01vrms51.lax01_ssl.csr|
|Key File Name|mgmt01vrms01.sfo01_ssl.key|mgmt01vrms51.lax01_ssl.key|

Procedure

  1. On your computer, create a configuration file for certificate request generation.

    |vSphere Replication|File Name|
    |:-------|:-------|
    |vSphere Replication in Region A|mgmt01vrms01.sfo01.cfg|
    |vSphere Replication in Region B|mgmt01vrms51.lax01.cfg|

    ```
    [ req ]
    default_bits = 2048
    default_keyfile = rui.key
    distinguished_name = req_distinguished_name
    encrypt_key = no
    prompt = no
    string_mask = nombstr
    req_extensions = v3_req

    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth
    subjectAltName = DNS: mgmt01vrms01, IP: 172.16.11.123, DNS: mgmt01vrms01.sfo01.rainpole.local

    [ req_distinguished_name ]
    countryName = US
    stateOrProvinceName = CA
    localityName = Palo Alto
    0.organizationName = Rainpole Inc.
    organizationalUnitName = Rainpole.local
    commonName = mgmt01vrms01.sfo01.rainpole.local
    ```

  2. Change the settings in the configuration file as per the table below.

    |Property|Region A|Region B|
    |:-------|:-------|:-------|
    |subjectAltName|DNS:mgmt01vrms01, IP:172.16.11.123, DNS:mgmt01vrms01.sfo01.rainpole.local|DNS:mgmt01vrms51, IP:172.17.11.123, DNS:mgmt01vrms51.lax01.rainpole.local|
    |countryName|US|US|
    |stateOrProvinceName|CA|CA|
    |localityName|Palo Alto|Palo Alto|
    |0.organizationName|Rainpole Inc.|Rainpole Inc.|
    |organizationalUnitName|Rainpole.local|Rainpole.local|
    |commonName|mgmt01vrms01.sfo01.rainpole.local|mgmt01vrms51.lax01.rainpole.local|

  3. Enable the SSH service on the vSphere Replication virtual appliance.

    1. Open a Web browser and go to https://mgmt01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      |Setting|Value|
      |:-------|:-------|
      |User name|[email protected]|
      |Password|vsphere_admin_password|

    3. Right-click the mgmt01vrms01 virtual appliance and select Open Console to open the remote console to the appliance.

    4. Press ALT+F1 to switch to the command prompt.
    5. Log in using the following credentials.

      |Setting|Value|
      |:-------|:-------|
      |User name|root|
      |Password|vr_root_password|

    6. Start the SSH service by running the following command.

      ```
      /usr/bin/enable-sshd.sh
      ```

    7. Close the remote console.

  4. Log in to the vSphere Replication appliance by using a Secure Shell (SSH) client.

    1. Open an SSH connection to the following virtual machine.

      |vSphere Replication|FQDN|
      |:-------|:-------|
      |vSphere Replication in Region A|mgmt01vrms01.sfo01.rainpole.local|
      |vSphere Replication in Region B|mgmt01vrms51.lax01.rainpole.local|

    2. Log in using the following credentials.

      |Setting|Value|
      |:-------|:-------|
      |User name|root|
      |Password|vr_sfo_root_password / vr_lax_root_password|

  5. Create a /tmp/ssl folder on the vSphere Replication appliance.

  6. Copy the configuration file from your computer to the /tmp/ssl folder on the vSphere Replication appliance.
  7. On the vSphere Replication appliance, go to the /tmp/ssl folder and generate the certificate signing request by running the following command.

    |vSphere Replication|Command|
    |:-------|:-------|
    |vSphere Replication in Region A|`openssl req -new -nodes -out mgmt01vrms01.sfo01_ssl.csr -keyout mgmt01vrms01.sfo01-orig.key -config mgmt01vrms01.sfo01.cfg`|
    |vSphere Replication in Region B|`openssl req -new -nodes -out mgmt01vrms51.lax01_ssl.csr -keyout mgmt01vrms51.lax01-orig.key -config mgmt01vrms51.lax01.cfg`|

  8. Convert the key returned by the command to the RSA format.

    |vSphere Replication|Command|
    |:-------|:-------|
    |vSphere Replication in Region A|`openssl rsa -in mgmt01vrms01.sfo01-orig.key -out mgmt01vrms01.sfo01_ssl.key`|
    |vSphere Replication in Region B|`openssl rsa -in mgmt01vrms51.lax01-orig.key -out mgmt01vrms51.lax01_ssl.key`|

  9. Copy the CSR file to the Windows host that has access to your data center.

    |vSphere Replication|Folder on the Windows Host|
    |:-------|:-------|
    |vSphere Replication in Region A|C:\manual-certs\vr\mgmt01vrms01.sfo01|
    |vSphere Replication in Region B|C:\manual-certs\vr\mgmt01vrms51.lax01|

  10. Repeat the steps to generate a CSR for the other vSphere Replication instance.
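
The following shell function is an added example, not part of the VMware procedure: it checks a request produced by steps 7 and 8 before it is copied off the appliance in step 9, confirming the signature, the key match, the key file permissions, the commonName and the subjectAltName entries. The names `check_csr`, `make_demo_request` and the `demo.*` files are assumptions, and the demo uses a trimmed copy of the Region A configuration.

```bash
# Added example, not VMware's code. check_csr, make_demo_request and demo.* are assumed names.
# Usage: check_csr <csr> <key> <commonName> <SAN entry as written in the .cfg>...
check_csr() {
    csr=$1 key=$2 cn=$3; shift 3
    # 1. The request's self-signature must verify (wording differs by OpenSSL version).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature"; return 1; }
    # 2. The request must carry the public half of the key file that stays on the appliance.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "FAIL: key does not match CSR"; return 1; }
    # 3. The key is stored unencrypted (encrypt_key = no), so only its owner may read it.
    case $(ls -l "$key") in
        -???------*) ;; *) echo "FAIL: key readable by group or other"; return 1 ;; esac
    # 4. commonName must be the appliance FQDN.
    case "$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)," in
        *[=,]"CN=$cn,"*) ;; *) echo "FAIL: commonName is not $cn"; return 1 ;; esac
    # 5. Every expected subjectAltName entry must be present.
    san=$(openssl req -in "$csr" -noout -text |
          sed -n '/Subject Alternative Name/{n;p;}' | tr -d ' ')
    for want in "$@"; do
        case $want in IP:*) want="IPAddress:${want#IP:}" ;; esac  # -text prints "IP Address:"
        case ",$san," in *",$want,"*) ;; *) echo "FAIL: SAN $want missing"; return 1 ;; esac
    done
    echo "OK: $csr"
}

# Build a throwaway request with the page's two commands and a trimmed Region A config.
make_demo_request() (
    cd "$1" && umask 077 || exit 1
    cat > demo.cfg <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
req_extensions = v3_req
[ v3_req ]
subjectAltName = DNS:mgmt01vrms01, IP:172.16.11.123, DNS:mgmt01vrms01.sfo01.rainpole.local
[ req_distinguished_name ]
commonName = mgmt01vrms01.sfo01.rainpole.local
EOF
    openssl req -new -nodes -out demo.csr -keyout demo-orig.key -config demo.cfg 2>/dev/null
    openssl rsa -in demo-orig.key -out demo.key 2>/dev/null
)

demo_dir=$(mktemp -d) && make_demo_request "$demo_dir"
check_csr "$demo_dir/demo.csr" "$demo_dir/demo.key" mgmt01vrms01.sfo01.rainpole.local \
    DNS:mgmt01vrms01 IP:172.16.11.123 DNS:mgmt01vrms01.sfo01.rainpole.local
```

On the appliance, run `check_csr` from /tmp/ssl against the `_ssl.csr` and `_ssl.key` files with the commonName and subjectAltName values from step 2 for that region.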
