Wednesday, August 11, 2021

Replacing vROPS Certificates


Issue: Security requirements made it necessary to replace the default self-signed certificates in vROPS with a trusted certificate signed by an internal CA.

Unlike vCenter, vROPS uses the common name vc-ops-slice-1 in its default certificate, followed by slice-2 for the data and other nodes. The default vCenter certificate has SAN names, so once you add the root certificate to the local machine's trusted store, the vCenter URL shows as secured.



To secure the connection with SSL, we have to generate a CSR and get it signed by a third-party SSL vendor or by our own Microsoft CA.

I will generate a CSR and get it signed by an internal Microsoft CA. The VMware article below can be used as a reference.

https://kb.vmware.com/s/article/2046591?lang=en_us

Steps: 

1. The first step is to open an SSH session to the vROPS master node and create a new private key.

openssl genrsa -out vrops.key 2048




2. Using the configuration file below, provide the FQDN and IP address of the master node and data node, along with the other basic certificate information such as organization name, locality, etc.

Sample vrops.cfg file:

*********************************************************************

[ req ]
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vrops1.org.com, IP:192.168.0.14, DNS:vrops2.org.com, IP:192.168.0.15

[ req_distinguished_name ]
countryName = IN
stateOrProvinceName = VAR
localityName = CAL
0.organizationName = VROPS
organizationalUnitName = VROPSORG
commonName = vrops1.org.com

********************************************************************

openssl req -new -key vrops.key -out vrops.csr -config vrops.cfg






3. Get the certificate signed by your internal CA using the vrops.csr file. In this example, the certificate obtained is saved as server_cert.cer.



4. Combine the files into a single .PEM file. The order of the entries in the .PEM file is: Cert, Private Key, Intermediate Cert and then Root Cert.
cat server_cert.cer vrops.key cacerts.cer >final.pem.pem


-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----


5. Access the admin page of the vROPS master node and click on SSL Certificate to install the .pem file.



6. The installation completes in a few minutes. Afterwards, log out of the admin page, refresh the browser, and access vROPS; the connection now shows as secured.
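Before uploading the bundle in step 5, the block order from step 4 and the pairing of private key and certificate can be checked from the same SSH session. This is an added example, not part of the original post or the VMware article; the function names are hypothetical and the sample bundles it writes are constructed placeholders.

```shell
# Added example: pre-upload checks for the bundle built in step 4 (final.pem.pem).
# All function names are hypothetical.

# Print the label of every PEM block in file order, one per line.
# [[:space:]]* tolerates the CRLF line endings of files saved on Windows.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed only for: server certificate, private key, then at least one CA cert.
# /PRIVATE KEY$/ accepts "RSA PRIVATE KEY" (PKCS#1) and "PRIVATE KEY" (PKCS#8).
check_pem_order() {
    pem_labels "$1" | awk '
        NR == 1 && $0 != "CERTIFICATE"  { bad = 1 }
        NR == 2 && $0 !~ /PRIVATE KEY$/ { bad = 1 }
        NR >= 3 && $0 != "CERTIFICATE"  { bad = 1 }
        END { if (bad || NR < 3) exit 1 }'
}

# Succeed only if the private key in the bundle belongs to its first certificate.
# Both commands print the public key in the same PEM form, so a match is equality.
check_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample: write placeholder PEM blocks in the given label order.
write_sample() {   # write_sample FILE LABEL...
    out=$1; shift; : > "$out"
    for label in "$@"; do
        printf '%s\r\n' "-----BEGIN $label-----" "(placeholder)" "-----END $label-----" >> "$out"
    done
}

if [ -n "${1:-}" ]; then        # usage: sh check_bundle.sh final.pem.pem
    check_pem_order "$1"   || { echo "wrong block order in $1" >&2; exit 1; }
    check_key_matches "$1" || { echo "key does not match certificate" >&2; exit 1; }
    echo "$1: block order and key/certificate pair look correct"
else                            # no argument: run the order check on constructed bundles
    demo=$(mktemp -d)
    write_sample "$demo/good.pem" CERTIFICATE "RSA PRIVATE KEY" CERTIFICATE CERTIFICATE
    write_sample "$demo/bad.pem" "RSA PRIVATE KEY" CERTIFICATE CERTIFICATE
    check_pem_order "$demo/good.pem" && echo "good.pem: order OK"
    check_pem_order "$demo/bad.pem"  || echo "bad.pem: order rejected"
    rm -rf "$demo"
fi
```

A .cer file downloaded from a Microsoft CA in DER rather than Base64 encoding has no BEGIN line, so a bundle built from it fails the order check.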










 
