VMware Cloud Community
cvzrx
Contributor

Create CSR files for VMware Cloud Director 10.4 issue

Hello. I am trying to install vCloud Director with CA-signed certs. However, I followed section No. 5 of the link below:

https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Install-Configure-Upgrad...

When I try to use the commands below to generate a CSR file, I get nothing:

openssl req -new -key /opt/vmware/vcloud-director/etc/user.http.key -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:vcd-cell01.cat.lab,DNS:vcd-cell01,IP:10.0.2.111\n")) -out http.csr

openssl req -new -key /opt/vmware/vcloud-director/etc/user.consoleproxy.key -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:vcd-cell01.cat.lab,DNS:vcd-cell01,IP:10.0.2.111\n")) -out consoleproxy.csr


Where can I find the CSR files to send them to my Certificate Authority for signing?

 


0 Kudos
3 Replies
Sreec
VMware Employee

You can either follow the steps mentioned in the documentation or use any CSR-generating software and import the signed certs to VCD. 

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
cvzrx
Contributor

I followed the steps in the link that I mentioned, and after completing the steps I can't find the CSR file.

 

0 Kudos
moellerjot
Enthusiast

Try this....

Change: 
countryName = ORG
stateOrProvinceName = MyProvice
localityName = MyCity
0.organizationName = MyOrg 
commonName = $fqdn

 

#!/bin/bash
export fqdn=$1
echo
# generate the CSR

if [ -z "$1" ] ;
   then
      echo "Please enter up to 9 FQDNs: "
      echo "e.g. myhostname.myhost.net"
      exit 1
fi

# work in ./<fqdn>/<year>; the .cfg, .key and .csr files are all written there
prefix="$fqdn/$(date +%Y)"
mkdir -p "$prefix"
cd "./$prefix" || exit 1

echo -n "
[ req ]
default_bits = 4096
default_keyfile = $fqdn.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
#extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alternate_names

[ req_distinguished_name ]
countryName = ORG # placeholder: use your two-letter ISO country code
stateOrProvinceName = MyProvice
localityName = MyCity
0.organizationName = MyOrg # possibly obsolete
commonName = $fqdn

[ alternate_names ]
DNS.1 = $fqdn
"> ./$fqdn.cfg
# arguments 2 to 9, when given, become DNS.2 to DNS.9
i=2
for name in "${@:2:8}"; do
   if [ "$name" != '' ] ;
      then
         echo "DNS.$i = $name" >> "./$fqdn.cfg"
   fi
   i=$((i + 1))
done

# -nodes leaves the new private key unencrypted on disk; restrict access to $fqdn.key
openssl req -new -nodes -out "$fqdn.csr" -keyout "$fqdn.key" -config "$fqdn.cfg"

 

#no-support
#MIT-Copyleft

0 Kudos
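
Added example, not written by any poster in this thread and not taken from the VMware documentation: the commands in the question pass a relative name to `-out`, so `http.csr` and `consoleproxy.csr` are written to whatever directory the shell is in when they run. The hypothetical functions below build a CSR with DNS SANs for an existing key, print the absolute path of the result, and check that the CSR matches the key and carries the expected names before it goes to the CA (IP SANs are left out to keep it short).

```bash
#!/bin/bash
# Added example; function names are hypothetical, sample names are from the question.
# Usage: make_csr user.http.key /tmp/http.csr vcd-cell01.cat.lab vcd-cell01

# make_csr KEY OUT_CSR NAME...: CSR for an existing key; the first NAME is the CN
# and every NAME becomes a DNS SAN. Prints the absolute path of the CSR.
make_csr() {
    local key=$1 out=$2 cfg i=1 name
    shift 2
    cfg=$(mktemp) || return 1
    {
        printf '[ req ]\nprompt = no\n'
        printf 'distinguished_name = dn\nreq_extensions = v3_req\n'
        printf '[ dn ]\ncommonName = %s\n' "$1"
        printf '[ v3_req ]\nsubjectAltName = @alternate_names\n'
        printf '[ alternate_names ]\n'
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cfg"
    openssl req -new -key "$key" -config "$cfg" -out "$out"
    local rc=$?
    rm -f "$cfg"
    [ "$rc" -eq 0 ] || return 1
    # A relative -out name lands in the current directory, so report where.
    printf '%s/%s\n' "$(cd "$(dirname "$out")" && pwd)" "$(basename "$out")"
}

# check_csr CSR KEY: succeed only if the CSR's self-signature verifies
# and its public key is the one that belongs to KEY.
check_csr() {
    local csr=$1 key=$2
    # Match on the message text: older OpenSSL exits 0 even on a bad signature.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ]
}

# csr_sans CSR: list the DNS names the CSR actually requests, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}
```

Running `check_csr` and `csr_sans` on the file before submitting it catches a CSR built from the wrong key or one whose SAN section was silently dropped.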