Generate Manually a Key Pair and Certificate Signing Request for the Platform Services Controller Instances in Region B

Generate a single Certificate Signing Request (CSR) for the load-balanced Platform Services Controllers and submit it to the certificate authority for signing. The two Platform Services Controllers have the same certificate.

Procedure

  1. Log in to the Windows host that has access to the data center.
  2. Log in to the Platform Services Controller appliance for the management cluster by using a Secure Shell (SSH) client.

    1. Open an SSH connection to the mgmt01psc01.lax01.rainpole.local virtual machine.
    2. Log in using the following credentials.

       |Setting|Value|
       |:------|:----|
       |User name|root|
       |Password|mgmtpsc_root_password|
  3. Enable the Bash shell by running the following command.

    shell

  4. Create a directory to save the certificate signing request and private key to.

    mkdir /tmp/ssl

  5. Start the vSphere Certificate Manager utility.

    /usr/lib/vmware-vmca/bin/certificate-manager

  6. Select Option 1 (Replace Machine SSL certificate with Custom Certificate), enter the default vCenter Single Sign-On user name [email protected] and the vsphere_admin_password password.

  7. When prompted for the Infrastructure Server IP, enter the IP address of the Platform Services Controller, 172.17.11.61.
  8. Select Option 1 (Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate), and enter /tmp/ssl for the directory to save the certificate signing request and private key to.
  9. Provide the following settings to configure certool.cfg and close the vSphere Certificate Manager utility.

    |Setting|Value|
    |:------|:----|
    |Country|US|
    |Name|lax01psc51.lax01.rainpole.local|
    |Organization|Rainpole Inc.|
    |OrgUnit|Rainpole.local|
    |State|California|
    |Locality|Palo Alto|
    |IPAddress||
    |Email|[email protected]|
    |Hostname|lax01psc51.lax01.rainpole.local|

    The utility creates the vmca_issued_csr.csr and vmca_issued_key.key files in the /tmp/ssl folder.

  10. Run the following command to rename the vmca_issued_csr.csr and vmca_issued_key.key files to match the Platform Services Controller load balancer IP address.

    mv vmca_issued_csr.csr lax01psc51.lax01.csr
    mv vmca_issued_key.key lax01psc51.lax01.key

  11. Copy the .csr file to a directory C:\manual-certs\lax01psc51\ on the Windows host.
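
Before the CSR leaves the appliance in step 11, it can be checked against its private key and the load balancer name entered in step 9. The script below is an added example, not part of the original procedure; the function name `check_csr` and its exit codes are hypothetical, and it assumes the `openssl` command-line tool is available in the Bash shell.

```bash
#!/usr/bin/env bash
# Added example (not from the original procedure): sanity-check a CSR and its
# private key before the CSR is submitted to the certificate authority.
#
# Usage: check_csr CSR_FILE KEY_FILE EXPECTED_CN
#   e.g. check_csr /tmp/ssl/<name>.csr /tmp/ssl/<name>.key lax01psc51.lax01.rainpole.local
# Exit codes (hypothetical): 1 = bad CSR signature, 2 = key mismatch, 3 = wrong CN.
check_csr() {
    local csr="$1" key="$2" want_cn="$3" cn csr_pub key_pub

    # 1. The CSR's self-signature must verify (file is intact and well formed).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "FAIL: CSR signature does not verify" >&2; return 1; }

    # 2. The public key in the CSR must be the one derived from the private key,
    #    otherwise the signed certificate cannot be installed with this key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$csr_pub" = "$key_pub" ] \
        || { echo "FAIL: CSR was not generated from this private key" >&2; return 2; }

    # 3. The subject CN must be the load balancer FQDN, not a single node's name.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 \
         | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$want_cn" ] \
        || { echo "FAIL: CN is '$cn', expected '$want_cn'" >&2; return 3; }

    echo "OK: $csr matches $key and names $want_cn"
}

# Run the check when the script is called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_csr "$@"
fi
```

Only the .csr file needs to be copied to the Windows host; the check runs on the appliance, where the private key already is.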
