Now I can use the vrops.pem file and apply that to vROPS. The command to do that in Ubuntu is below: cat vrops.cer vrops.key ca-chain.cer > vrops.pem Enter CSR and Private Key command Generate a private key and CSR by running the following command: Here is the plain text version to copy and paste into your terminal: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server. ![]() I googled a lot but couldnt find anything using either openssl or java keytool by which I can specify 2 OU Names. openssl req new newkey rsa:2048 nodes keyout server.key out server.csr. Note: Make sure to replace server with the name of your server. ![]() Log in to your server via your terminal client (ssh). The problem is that the Certifying Authority to which I have to send my CSR wants 2 OU (Organizational Unit) Names. If you prefer to build your own shell commands to generate your Apache CSR, follow the instructions below. Issuing the certificate is pretty straight forward.įor import into vROPS I require a PEM file so I need to take the issued certificate, private key and any chain certificates and concatenate them in order to create the PEM file. You will want to log in via Secure Shell (SSH). While generating a CSR we are required to fill in several details like CN, OU, etc. On Ubuntu this opens in preview which is a nice way to check the contents before sending onto the CA for issuing the cert. I can now view the CSR by double clicking and viewing it. The above command outputs a new 2048 bit private key called vrops.key, a Certificate Signing request (CSR) called vrops.csr and uses the config file vrops_nf The -nodes switch avoids the outputs having password protection which I don’t require. openssl req -newkey rsa:2048 -keyout vrops.key -out vrops.csr -config vrops_nf -nodes Once the config file is saved I open a terminal and run the following command. If you already have an existing key and you simply need to generate a. KeyUsage = keyEncipherment, dataEncipherment It works fine, but now Im trying to create these files with more than one OU (organizationalUnitName), but Im failing to achieve it. openssl req -new -newkey rsa:2048 -keyout NAMEOFHOST.pem -nodes -out NAMEOFHOST.csr. Here I have 2 vROPS nodes in my cluster plus the load balancer VIP address in both FQDN and shortname: ĭistinguished_name = req_distinguished_name Depending on your environment you may need more or less sections in the file. ![]() The file is saved into my homefolder so I can find it again.īelow are the contents for that file. You can follow the same process to create CSR key for single. Processįirst step is to create a configuration file which I am calling vrops_nf. You should have SSH access to server and root level access to create CSR key and private key. Of course there are many ways to do this and some other examples from other sites are listed at the botton under documention. This is something that I do every now and again but have to recall the steps and commands I used which usually take a few minutes.Īs part of documenting this for the customer I decided to put the commands I used here for posterity. Recently I was required to create a CSR for a customer in order to issue a Custom SSL Certificate. Author: Paul Published on: FebruPublished in: Certificates
0 Comments
Leave a Reply. |