VMware Support Community
mattclemens

Install SSL Certificate?

How shall I go about getting a legit certificate installed?


Accepted Solutions
Yuva_1990

Hi Matt,

Please find below the steps for replacing the SSL certificate:

0. Back up the Skyline Appliance.

1. Create a new file, openssl.cfg, and populate it with the following content:

(Update subjectAltName and all content under "[ req_distinguished_name ]" as you see fit)

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:HOSTNAME, DNS:HOSTNAME.FQDN

[ req_distinguished_name ]
countryName = US
stateOrProvinceName = NY
localityName = New York
0.organizationName = VMWare
organizationalUnitName = VMwareGSS
commonName = HOSTNAME

2. Run the following command to generate a CSR and KEY based on the contents from the above file:

openssl req -new -nodes -out rui.csr -keyout rui.key -config openssl.cfg

3. Provide the CSR to your CA and get it signed (I used the default Web Server template).

cat rui.csr

4. Create a new file, rui.crt, with the contents from the SSL certificate you receive.

vi rui.crt

5. Overwrite the existing Skyline SSL certificate and key with the newly created files.

cp rui.key /usr/local/skyline/ui/nginx-selfsigned.key

cp rui.crt /usr/local/skyline/ui/nginx-selfsigned.crt

6. Restart the nginx service.

systemctl restart nginx

7. Overwrite the existing VAMI PEM file with the newly created certificate and key pair.

cat rui.key > /opt/vmware/etc/lighttpd/server.pem

cat rui.crt >> /opt/vmware/etc/lighttpd/server.pem

8. Restart the VAMI service.

/etc/init.d/vami-lighttp restart

9. Open a browser and confirm that https://Skyline-Hostname:443/ and https://Skyline-Hostname:5480/ both have the newly created SSL certificate.

Regards

Yuvaraj

Skyline Community Moderator
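
A pre-flight check that can be run between steps 4 and 5, added here as an example and not part of the original post: it confirms that rui.crt was issued for rui.key, covers the hostname users will browse to, and has not expired, before either file overwrites the appliance's existing pair. The function name check_pair and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks on the files
# from steps 2-4 before they overwrite the appliance's certificate and key.
# Return codes (constructed for this example):
#   0 ok, 1 cert/key mismatch, 2 unreadable file, 3 hostname not covered, 4 expired

check_pair() {
    key=$1; crt=$2; host=$3

    # Extract the public key from each file; a parse failure means the file
    # is not valid PEM (for example a CA reply pasted with missing lines).
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key"; return 2; }
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt"; return 2; }

    # The certificate must carry the public half of rui.key; a mismatched
    # pair is rejected by the web server when it restarts.
    [ "$kpub" = "$cpub" ] || {
        echo "certificate was not issued for this private key"; return 1; }

    # The name typed into the browser must be covered by the certificate
    # (the CA may have altered or dropped the requested subjectAltName).
    openssl x509 -in "$crt" -noout -checkhost "$host" |
        grep -q "does match certificate" || {
        echo "certificate does not cover $host"; return 3; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired"; return 4; }

    echo "ok: $crt matches $key and covers $host"
}

# Usage: sh check_pair.sh rui.key rui.crt HOSTNAME.FQDN
[ "$#" -ne 3 ] || check_pair "$@"
```

Run it in the directory holding rui.key and rui.crt and continue with step 5 only when it prints "ok".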

Yuva_1990

Hello Matt,

Welcome to the communities!

Are we talking about installing the custom certificates on the collector appliance?

Regards

Yuvaraj

Skyline Community Moderator
