Setup Certificates

Create SSL Key (Not needed if using no_verify=1)

certtool --generate-privkey > pdxesx.logicminds.corp-key.pem

Sign key with CA cert and CA key (Not needed if using no_verify=1)

[root@puppet ~]# certtool --generate-certificate --load-privkey pdxesx.logicminds.corp-key.pem \
    --load-ca-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem \
    --load-ca-privkey /etc/puppetlabs/puppet/ssl/ca/ca_key.pem \
    --template server.info --outfile pdxesx.logicminds.corp.pem
Generating a signed certificate...

# server.info
organization = Logic Minds Corp
cn = pdxesx.logicminds.corp
tls_www_server
encryption_key
signing_key

Transfer these keys to your ESX or vSphere server (Not needed if using no_verify=1)

You don't need to transfer your keys if you always use the no_verify=1 option in the connection URI, because that option turns off verification of the server certificate.

You may need to enable SSH on your ESX server. Not sure what to do for vSphere since it's Windows.

scp pdxesx.logicminds.corp-key.pem root@pdxesx:/etc/vmware/ssl/rui.key
scp pdxesx.logicminds.corp.pem root@pdxesx:/etc/vmware/ssl/rui.crt

Copy CA cert (Not needed if using no_verify=1)

Since I used Puppet as my CA and client, I can just reuse the keys and certs I already have.

ln -s /etc/puppetlabs/puppet/ssl/private_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/private/clientkey.pem
# clientcert.pem must be the signed certificate, which Puppet keeps under certs/ (public_keys/ holds only the bare public key)
ln -s /etc/puppetlabs/puppet/ssl/certs/puppet.logicminds.corp.pem /etc/pki/libvirt/clientcert.pem
ln -s /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/pki/CA/cacert.pem
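
Before the certificate and key are copied to the ESX host, it helps to confirm that the certificate chains to the CA, that the key belongs to it, and that its CN is the host name used in the connection URI. The check below is an added example, not part of the original wiki page; the function name check_host_cert is hypothetical, and it assumes the openssl command-line tool is installed on the CA host.

```shell
# Added example: pre-flight check for the host certificate and key.
# check_host_cert CA_CERT HOST_CERT HOST_KEY EXPECTED_CN
# Usage with the file names from this page:
#   check_host_cert /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem \
#       pdxesx.logicminds.corp.pem pdxesx.logicminds.corp-key.pem \
#       pdxesx.logicminds.corp
check_host_cert() {
    chc_ca=$1 chc_cert=$2 chc_key=$3 chc_cn=$4

    for chc_f in "$chc_ca" "$chc_cert" "$chc_key"; do
        [ -r "$chc_f" ] || { echo "FAIL: cannot read $chc_f" >&2; return 1; }
    done

    # 1. The certificate must chain to the CA the libvirt client trusts
    #    (the file linked to /etc/pki/CA/cacert.pem).
    if ! openssl verify -CAfile "$chc_ca" "$chc_cert" >/dev/null 2>&1; then
        echo "FAIL: $chc_cert does not verify against $chc_ca" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: both commands
    #    print the same public key PEM when the pair matches.
    chc_pub_cert=$(openssl x509 -in "$chc_cert" -noout -pubkey) || return 1
    chc_pub_key=$(openssl pkey -in "$chc_key" -pubout 2>/dev/null) || {
        echo "FAIL: cannot parse private key $chc_key" >&2; return 1; }
    if [ "$chc_pub_cert" != "$chc_pub_key" ]; then
        echo "FAIL: $chc_key does not match $chc_cert" >&2
        return 1
    fi

    # 3. The subject CN must be the host name used in the connection URI;
    #    the trailing comma prevents a prefix of the name from matching.
    chc_subject=$(openssl x509 -in "$chc_cert" -noout -subject -nameopt RFC2253)
    case "$chc_subject," in
        *"CN=$chc_cn,"*) ;;
        *) echo "FAIL: subject '$chc_subject' lacks CN=$chc_cn" >&2; return 1 ;;
    esac

    echo "OK: $chc_cert chains to $chc_ca, matches its key, CN=$chc_cn"
}
```

A non-zero return means the pair should not be installed as rui.crt and rui.key until the failing step is fixed.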

Updated by Leos Stejskal about 3 years ago · 2 revisions