How shall I go about getting a legit certificate installed?
Hi Matt,
Please find the below steps on replacing the SSL certificate
0. Backup the Skyline Appliance.
1.Create a new file, openssl.cfg, and populate it with the following content:
(Update subjectAltName and all content under "[ req_distinguished_name ]" as you see fit)
[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:HOSTNAME, DNS:HOSTNAME.FQDN
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = NY
localityName = New York
0.organizationName = VMWare
organizationalUnitName = VMwareGSS
commonName = HOSTNAME
2. Run the following command to generate a CSR and KEY based on the contents from the above file:
openssl req -new -nodes -out rui.csr -keyout rui.key -config openssl.cfg
3. Provide the CSR to your CA and get it signed (I used the default Web Server template).
cat rui.csr
4. Create a new file, rui.crt, with the contents from the SSL certificate you receive.
vi rui.crt
5. Overwrite the existing Skyline SSL certificate and key with the newly created files.
cp rui.key /usr/local/skyline/ui/nginx-selfsigned.key
cp rui.crt /usr/local/skyline/ui/nginx-selfsigned.crt
6. Restart the nginx service
systemctl restart nginx
7. Overwrite the existing VAMI PEM file with the newly created certificate and key pair.
cat rui.key > /opt/vmware/etc/lighttpd/server.pem
cat rui.crt >> /opt/vmware/etc/lighttpd/server.pem
8. Restart the VAMI service.
/etc/init.d/vami-lighttp restart
9. Open a browser and confirm that https://Skyline-Hostname:443/ and https://Skyline-Hostname:5480/ both have the newly created SSL certificate.
Regards
Yuvaraj
Skyline Community Moderator
Hello Matt,
Welcome to the communities!
Are we talking about installing the custom certificates on the collector appliance?
Regards
Yuvaraj
Skyline Community Moderator
Hi Matt,
Please find the below steps on replacing the SSL certificate
0. Backup the Skyline Appliance.
1.Create a new file, openssl.cfg, and populate it with the following content:
(Update subjectAltName and all content under "[ req_distinguished_name ]" as you see fit)
[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:HOSTNAME, DNS:HOSTNAME.FQDN
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = NY
localityName = New York
0.organizationName = VMWare
organizationalUnitName = VMwareGSS
commonName = HOSTNAME
2. Run the following command to generate a CSR and KEY based on the contents from the above file:
openssl req -new -nodes -out rui.csr -keyout rui.key -config openssl.cfg
3. Provide the CSR to your CA and get it signed (I used the default Web Server template).
cat rui.csr
4. Create a new file, rui.crt, with the contents from the SSL certificate you receive.
vi rui.crt
5. Overwrite the existing Skyline SSL certificate and key with the newly created files.
cp rui.key /usr/local/skyline/ui/nginx-selfsigned.key
cp rui.crt /usr/local/skyline/ui/nginx-selfsigned.crt
6. Restart the nginx service
systemctl restart nginx
7. Overwrite the existing VAMI PEM file with the newly created certificate and key pair.
cat rui.key > /opt/vmware/etc/lighttpd/server.pem
cat rui.crt >> /opt/vmware/etc/lighttpd/server.pem
8. Restart the VAMI service.
/etc/init.d/vami-lighttp restart
9. Open a browser and confirm that https://Skyline-Hostname:443/ and https://Skyline-Hostname:5480/ both have the newly created SSL certificate.
Regards
Yuvaraj
Skyline Community Moderator