Hello. I am trying to install vCloud director with CA signed certs, however, I follow the bellow link in section No. 5
when trying to use the below commands to generate a CSR file I get nothing
openssl req -new -key /opt/vmware/vcloud-director/etc/user.http.key -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:vcd-cell01.cat.lab,DNS:vcd-cell01,IP:10.0.2.111\n")) -out http.csr
openssl req -new -key /opt/vmware/vcloud-director/etc/user.consoleproxy.key -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:vcd-cell01.cat.lab,DNS:vcd-cell01,IP:10.0.2.111\n")) -out consoleproxy.csr
Where can I find CSR files to Send them to my Certificate Authority for signing?
You can either follow the steps mentioned in the documentation or use any CSR-generating software and import the signed certs to VCD.
I followed the steps in the link that I mention and after completing the steps I can't find the CSR file
Try this....
Change:
countryName = ORG
stateOrProvinceName = MyProvice
localityName = MyCity
0.organizationName = MyOrg
commonName = $fqdn
#!/bin/bash
export fqdn=$1
echo
# csr ausführen
if [ -z "$1" ] ;
then
echo "Please enter up to 9 FQDN: "
echo "e.G. myhostname.myhost.net"
exit 1
fi
prefix="$fqdn/`date +"%Y"`"
mkdir -p $prefix
cd ./$prefix
echo -n "
[ req ]
default_bits = 4096
default_keyfile = $fqdn.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
#extendedKeyUsage = serverAuth, clientAuth
subjectAltName = _names
[ req_distinguished_name ]
countryName = ORG
stateOrProvinceName = MyProvice
localityName = MyCity
0.organizationName = MyOrg # possible obsolet
commonName = $fqdn
[ alternate_names ]
DNS.1 = $fqdn
"> ./$fqdn.cfg
if [ "$2" != '' ] ;
then
echo 'DNS.2 = '$2 >> ./$fqdn.cfg
fi
if [ "$3" != '' ] ;
then
echo 'DNS.3 = '$3 >> ./$fqdn.cfg
fi
if [ "$4" != '' ] ;
then
echo 'DNS.4 = '$4 >> ./$fqdn.cfg
fi
if [ "$5" != '' ] ;
then
echo 'DNS.5 = '$5 >> ./$fqdn.cfg
fi
if [ "$6" != '' ] ;
then
echo 'DNS.6 = '$6 >> ./$fqdn.cfg
fi
if [ "$7" != '' ] ;
then
echo 'DNS.7 = '$7 >> ./$fqdn.cfg
fi
if [ "$8" != '' ] ;
then
echo 'DNS.8 = '$8 >> ./$fqdn.cfg
fi
if [ "$9" != '' ] ;
then
echo 'DNS.9 = '$9 >> ./$fqdn.cfg
fi
openssl req -new -nodes -out $fqdn.csr -keyout $fqdn.key -config $fqdn.cfg
#no-support
#MIT-Copyleft