Generate Manually Key Pair and Certificate Signing Request for the Platform Services Controller Instances in Region A

Generate a single Certificate Signing Request (CSR) for the Platform Services Controller load balancer and submit it to the certificate authority for signing.

Before you begin

Verify that the Windows host that you use to access the data center is part of the sfo01.rainpole.local domain.

Procedure

  1. Log in to the Windows host that has access to the data center.
  2. Log in to the Platform Services Controller appliance for the management cluster by using a Secure Shell (SSH) client.

    1. Open an SSH connection to the mgmt01psc01.sfo01.rainpole.local virtual machine.
    2. Log in using the following credentials.

       |Setting|Value|
       |:------|:----|
       |User name|root|
       |Password|mgmtpsc_root_password|
  3. Enable the Bash shell by running the following command.

    shell

  4. Create a directory to save the certificate signing request and private key to.

    mkdir /tmp/ssl

  5. Start the vSphere Certificate Manager utility.

    /usr/lib/vmware-vmca/bin/certificate-manager

  6. Select Option 1 (Replace Machine SSL certificate with Custom Certificate), enter the default vCenter Single Sign-On user name [email protected] and the vsphere_admin_password password.

  7. When prompted for the Infrastructure Server IP, enter the IP address of the Platform Services Controller 172.16.11.61.
  8. Select Option 1 (Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate), and enter /tmp/ssl for the directory to save the certificate signing request and private key to.
  9. Provide the following settings to configure certool.cfg and close the vSphere Certificate Manager utility.

    |Setting|Value|
    |:------|:----|
    |Country|US|
    |Name|sfo01psc01.sfo01.rainpole.local|
    |Organization|Rainpole Inc.|
    |OrgUnit|Rainpole.local|
    |State|California|
    |Locality|Palo Alto|
    |IPAddress||
    |Email|[email protected]|
    |Hostname|sfo01psc01.sfo01.rainpole.local|

    The utility creates the vmca_issued_csr.csr and vmca_issued_key.key files in the /tmp/ssl folder.

  10. Run the following command to rename the vmca_issued_csr.csr and vmca_issued_key.key files to match the Platform Services Controller load balancer IP address.

    mv vmca_issued_csr.csr sfo01psc01.sfo01.csr
    mv vmca_issued_key.key sfo01psc01.sfo01.key

  11. Copy the .csr file to the C:\manual-certs\sfo01psc01 directory on the Windows host.
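
Before the CSR goes to the certificate authority, the request and key from steps 8 through 10 can be checked with openssl. The following is an added example, not part of the original procedure and not a VMware tool; the helper name check_csr_pair is hypothetical, and it assumes the openssl command is available in the Bash shell.

```shell
# Added example: pre-submission checks for the CSR and private key.
# check_csr_pair is a hypothetical helper name, not a VMware utility.
check_csr_pair() {
    csr=$1 key=$2 expected_cn=$3
    rc=0

    # 1. The CSR self-signature must verify (detects truncation or edits).
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR self-signature does not verify" >&2; rc=1
    fi

    # 2. The public key in the CSR must be the one derived from the private
    #    key, otherwise the signed certificate cannot be used with this key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match CSR" >&2; rc=1
    fi

    # 3. The subject must carry the expected common name (exact match).
    if ! openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null |
            sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$expected_cn"; then
        echo "FAIL: CSR subject CN is not $expected_cn" >&2; rc=1
    fi

    # 4. The private key must not be readable by group or others.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible beyond its owner" >&2; rc=1
    fi
    return $rc
}

# Runs only when the script is given three arguments, for example:
#   sh check.sh /tmp/ssl/sfo01psc01.sfo01.csr /tmp/ssl/sfo01psc01.sfo01.key \
#      sfo01psc01.sfo01.rainpole.local
if [ "$#" -eq 3 ]; then check_csr_pair "$@"; fi
```

Only the .csr file needs to leave the appliance; the .key file stays where it was generated with owner-only permissions.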

Parent topic: Generate Manually Key Pairs and Certificate Signing Requests for the Management Components in Region A
