Using OpenSSL for NSX Manager SSL import:
Creates a CSR and a 4096-bit key
Creating NSX 6.4.2 SSL
openssl req -out nsxcert.csr -newkey rsa:4096 -nodes -keyout nsxcert.key -config dc1vc2nsxmgr01.cnf
Log into Windows PKI
Open the CSR in Notepad++, then paste it into the Windows PKI Cert web:
https://nsmvpkiweb01/certsrv/
Request a Cert
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Cert Template: VSphere6.5 (Drop down)
On Windows PKI server for vCenter SSL cert you will need the **Base 64 encode**:
nsxcert.cer (machine cert)
nsxcert.p7b (CA chain)
Carries Sub and Root CA information
Open nsxcert.p7b, extract the Sub and Root CA and save as:
nsx-sub-root.cer
nsx-root.cer
(Know order sequence)
Copy 3 files to the workstation with the OpenSSL BIN directory
nsxcert.cer
nsx-sub-root.cer
nsx-root.cer
**Have nsxcert.key in same BIN directory**
Use Notepad++ to combine the files in this order:
machine+key+sub+root
Save as .PEM
example: nsx-sub-root.pem
Convert PEM to PFX using OpenSSL
openssl pkcs12 -export -out nsx.pfx -inkey nsxcert.key -in nsxcert.cer -certfile nsx-sub-root.pem
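Before running the conversion, it is worth confirming that the CSR carried every SAN from the .cnf, that the key belongs to the issued machine cert, and that the machine cert verifies through the sub CA to the root in that order. The script below is an added example, not part of the original post; the function names are hypothetical and it assumes PEM (Base 64) files and OpenSSL 1.1.0 or later on the PATH.

```sh
#!/bin/sh
# Added example: pre-import checks for the files named in the procedure.
# Function names are hypothetical; only standard openssl subcommands are used.

# Print every DNS.n name from the .cnf that is absent from the CSR's SAN list.
csr_missing_sans() {   # $1 = .cnf file, $2 = CSR
  sans=$(openssl req -in "$2" -noout -text 2>/dev/null |
         grep 'DNS:' | tr ',' '\n' | sed 's/^ *//')
  tr -d '\r' < "$1" | sed -n 's/^ *DNS\.[0-9]* *= *//p' |
  while read -r name; do
    printf '%s\n' "$sans" | grep -Fxq "DNS:$name" || printf '%s\n' "$name"
  done
}

# True only if the private key and the issued certificate share a public key.
key_matches_cert() {   # $1 = private key, $2 = machine cert
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True only if machine cert -> sub CA -> root CA verifies in that order.
chain_ok() {           # $1 = root CA, $2 = sub CA, $3 = machine cert
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Run all three checks; returns non-zero if any of them fails.
precheck() {  # $1=cnf $2=csr $3=key $4=machine cert $5=sub CA $6=root CA
  rc=0
  missing=$(csr_missing_sans "$1" "$2")
  [ -z "$missing" ] || { echo "CSR lacks SAN(s): $missing"; rc=1; }
  key_matches_cert "$3" "$4" || { echo "key does not match $4"; rc=1; }
  chain_ok "$6" "$5" "$4"    || { echo "chain does not verify"; rc=1; }
  return $rc
}

# Usage with the page's file names:
#   precheck dc1vc2nsxmgr01.cnf nsxcert.csr nsxcert.key \
#            nsxcert.cer nsx-sub-root.cer nsx-root.cer
```

A non-zero return from precheck means the PFX would be built from mismatched or incomplete material, so fix the reported item before importing.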
*****************************************************************************
Format to save as CNF for OpenSSL configuration file:
SSL SAN template:
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = GA
localityName = Atlanta
organizationName = North
commonName = DC1VC2NSXMGR01.north.local
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = DC1VC2NSXMGR01.northside.local
DNS.2 = DC1VC3NSXMGR01.northside.local
DNS.3 = DC1VC4NSXMGR01.northside.local
DNS.4 = DC1VC5NSXMGR01.northside.local