Generate Manually Key Pairs and Certificate Signing Requests for the ESXi Hosts in Region B

If you plan to manually generate certificates for the ESXi management hosts in Region B, generate a key pair and Certificate Signing Request (CSR) for each host on the Management vCenter Server. Submit the CSR file to the certificate authority for signing.

Before you begin

Verify that the Windows host that you use for access to the data center is a part of the lax01.rainpole.local domain.

About this task

You start with the hosts in the management cluster and then proceed to the hosts in the shared edge and compute cluster.

You use the Management vCenter Server to generate the key pair and the CSR files because the appliance already has the required software for CSR generation installed. You can also use another Linux OS instance that has OpenSSL installed.

Procedure

  1. Log in to the Windows host that has access to your data center.
  2. If not already created, create a folder C:\manual-certs\esxhosts.
  3. Log in to mgmt01vc51.lax01.rainpole.local by using a Secure Shell (SSH) client.

    1. Open an SSH connection to the virtual machine mgmt01vc51.lax01.rainpole.local.
    2. Log in using the following credentials.

      | Setting | Value |
      |:--------|:------|
      | User name | root |
      | Password | vcenter_server_root_password |

  4. Enable the Bash shell by running these commands.

    ```
    shell
    ```

  5. Create a directory to save the certificate signing request and the private key to.

    ```
    mkdir /tmp/ssl
    ```

  6. Navigate to the temporary directory by running the following command.

    ```
    cd /tmp/ssl
    ```

  7. Generate a key pair and CSR file for the mgmt01esx51.lax01.rainpole.local host by running the following command.

    ```
    openssl req -nodes -newkey rsa:2048 -keyout mgmt01esx51.key -out mgmt01esx51.csr -subj "/C=US/ST=CA/L=LAX/O=Rainpole Inc./OU=Rainpole.local/CN=mgmt01esx51.lax01.rainpole.local"
    ```

  8. Repeat Step 7 to create a key pair and CSR for each of the remaining hosts in the management cluster and in the shared edge and compute cluster.

    |Host Name|Key File Name|CSR File Name|
    |:---------|:------------|:------------|
    |mgmt01esx52.lax01.rainpole.local|mgmt01esx52.key|mgmt01esx52.csr|
    |mgmt01esx53.lax01.rainpole.local|mgmt01esx53.key|mgmt01esx53.csr|
    |mgmt01esx54.lax01.rainpole.local|mgmt01esx54.key|mgmt01esx54.csr|
    |comp01esx51.lax01.rainpole.local|comp01esx51.key|comp01esx51.csr|
    |comp01esx52.lax01.rainpole.local|comp01esx52.key|comp01esx52.csr|
    |comp01esx53.lax01.rainpole.local|comp01esx53.key|comp01esx53.csr|
    |comp01esx54.lax01.rainpole.local|comp01esx54.key|comp01esx54.csr|

  9. Copy all the key and CSR files to the C:\manual-certs\esxhosts\ directory on the Windows host.
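
Steps 5 through 8 can be run as one batch that also checks each CSR before it is submitted. The script below is an added example, not part of the original procedure: the function names and the script name `gen-esxi-csr.sh` are illustrative, while the host names and subject fields are the ones used on this page. It restricts key file permissions, because `-nodes` writes the private key unencrypted, and confirms that every CSR verifies and matches its key file.

```shell
#!/bin/sh
# Added example (not from the original page): steps 5-8 as one batch run.
# Host names and subject fields are taken from the page; function names are illustrative.
set -eu

DOMAIN="lax01.rainpole.local"
HOSTS="mgmt01esx51 mgmt01esx52 mgmt01esx53 mgmt01esx54
       comp01esx51 comp01esx52 comp01esx53 comp01esx54"

# Build the -subj string from step 7 for a short host name.
csr_subject() {
    printf '/C=US/ST=CA/L=LAX/O=Rainpole Inc./OU=Rainpole.local/CN=%s.%s' "$1" "$DOMAIN"
}

# Create <host>.key and <host>.csr in directory $2; never overwrite an existing key.
generate_csr() {
    host=$1; dir=$2
    if [ -e "$dir/$host.key" ]; then
        echo "skip $host: key already exists" >&2
        return 0
    fi
    # -nodes writes the key unencrypted, so tighten the umask before it is created.
    ( umask 077
      openssl req -nodes -newkey rsa:2048 \
          -keyout "$dir/$host.key" -out "$dir/$host.csr" \
          -subj "$(csr_subject "$host")" 2>/dev/null )
}

# Succeed only if the CSR self-signature verifies and its public key matches the key file.
verify_csr() {
    host=$1; dir=$2
    openssl req -in "$dir/$host.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$dir/$host.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

main() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir"
    for h in $HOSTS; do
        generate_csr "$h" "$dir"
        verify_csr "$h" "$dir" || { echo "FAILED: $h" >&2; exit 1; }
        echo "ok: $h"
    done
}

# Run only when an output directory is given, for example: sh gen-esxi-csr.sh /tmp/ssl
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The skip-if-exists guard matters on reruns: regenerating a key after its CSR has been submitted leaves the signed certificate without a matching private key.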

What to do next

Obtain a signed certificate from the Microsoft certificate authority. See Generate CA-Signed Certificates for the SDDC Management Components in Region B.

Parent topic: Generate Manually Key Pairs and Certificate Signing Requests for the Management Components in Region B
