Wednesday, August 11, 2021

Replacing vROPS Certificates


Issue: vROPS was using its default certificates. Due to security requirements, it was necessary to replace the default self-signed certificates with a trusted certificate signed by an internal CA.

Unlike vCenter, the default vROPS certificate uses the common name vc-ops-slice-1, followed by slice-2 and so on for the data and other nodes. The default vCenter certificate has SAN names, so once you add its root certificate to the local machine's trusted store, the vCenter URL shows as secured.



To secure the SSL connection, we have to generate a CSR and get it signed by a third-party SSL vendor or by our own Microsoft CA.

I will generate a CSR and get it signed by an internal Microsoft CA. The VMware article below can be used as a reference.

https://kb.vmware.com/s/article/2046591?lang=en_us

Steps: 

1. The first step is to create a new private key from an SSH session on the vROPS master node.

openssl genrsa -out vrops.key 2048




2. Using the configuration file below, generate the CSR. Make sure to provide the FQDN and IP address of the master node and the data node, plus the other basic certificate information such as organization name, locality, etc.

Sample vrops.cfg file:

*********************************************************************

[ req ]
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vrops1.org.com, IP:192.168.0.14, DNS:vrops2.org.com, IP:192.168.0.15

[ req_distinguished_name ]
countryName = IN
stateOrProvinceName = VAR
localityName = CAL
0.organizationName = VROPS
organizationalUnitName = VROPSORG
commonName = vrops1.org.com

********************************************************************

openssl req -new -key vrops.key -out vrops.csr -config vrops.cfg






3. Get the certificate signed by your internal CA using the vrops.csr file. In this example the signed certificate is saved as server_cert.cer.



4. Combine the files into a single PEM file. The order in the .pem file is: certificate, private key, intermediate certificate, and then root certificate.
cat server_cert.cer vrops.key cacerts.cer >final.pem.pem


-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----


5. Access the admin page of the vROPS master node and click on the SSL certificate to install the PEM file.



6. The installation completes in a few minutes. Afterwards, log out from the admin page, refresh the browser, and access vROPS; it should now show as secured SSL.
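Before uploading the bundle in step 5, it helps to confirm that the private key belongs to the certificate, that the certificate chains to the CA file, and that each node FQDN is covered by the SAN list. The script below is an added example, not part of the original post or the VMware KB. The function names check_bundle and make_demo_bundle are hypothetical, and the demo uses a throwaway CA and the sample host names from vrops.cfg as constructed test data.

```shell
# Pre-upload checks for the PEM bundle built in step 4 (added example).
# check_bundle <bundle.pem> <ca-chain.cer> <fqdn>
check_bundle() {
    local pem=$1 ca=$2 host=$3 cert_pub key_pub
    # 1. The private key in the bundle must belong to the leaf certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    # 2. The leaf (first certificate in the bundle) must chain to the CA file.
    openssl x509 -in "$pem" | openssl verify -CAfile "$ca" >/dev/null 2>&1 \
        || { echo "chain does not verify"; return 1; }
    # 3. The node FQDN must be covered by the certificate.
    openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match' \
        || { echo "$host is not covered by the certificate"; return 1; }
    echo "OK: $host"
}

# make_demo_bundle <dir>: constructed sample data. A throwaway CA stands in for
# the internal CA and signs a CSR generated as in steps 1 and 2.
make_demo_bundle() (
    cd "$1" || exit 1
    cat > vrops.cfg <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
subjectAltName = DNS:vrops1.org.com, IP:192.168.0.14, DNS:vrops2.org.com, IP:192.168.0.15
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ req_distinguished_name ]
commonName = vrops1.org.com
EOF
    openssl genrsa -out vrops.key 2048 2>/dev/null
    openssl req -new -key vrops.key -out vrops.csr -config vrops.cfg
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out cacerts.cer \
        -config vrops.cfg -extensions v3_ca -subj "/CN=Demo Root CA" -days 1 2>/dev/null
    openssl x509 -req -in vrops.csr -CA cacerts.cer -CAkey ca.key -CAcreateserial \
        -extfile vrops.cfg -extensions v3_req -days 1 -out server_cert.cer 2>/dev/null
    cat server_cert.cer vrops.key cacerts.cer > final.pem
)

demo=$(mktemp -d) && make_demo_bundle "$demo"
check_bundle "$demo/final.pem" "$demo/cacerts.cer" vrops1.org.com
check_bundle "$demo/final.pem" "$demo/cacerts.cer" vrops3.org.com || true  # not in the SAN list
rm -rf "$demo"
```

On a real node, run check_bundle against the actual bundle and CA chain file once per node FQDN listed in subjectAltName.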










 
