Version 2 - History - Setup Certificates - Foreman

1

Corey Osman

h1. Setup Certificates

2

3

h3. Create SSL Key (Not needed if using no_verify=1)

4

5

<pre>certtool --generate-privkey > pdxesx.logicminds.corp-key.pem</pre>

6

7

h3. Sign key with CA cert and CA key (Not needed if using no_verify=1)

8

9

<pre>[root@puppet ~]# certtool --generate-certificate --load-privkey pdxesx.logicminds.corp-key.pem

10

 --load-ca-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem

11

--load-ca-privkey /etc/puppetlabs/puppet/ssl/ca/ca_key.pem --template server.info --outfile pdxesx.logicminds.corp.pem

12

Generating a signed certificate...

13

</pre>

14

15

16

<pre>

17

# Server.info

18

organization = Logic Minds Corp

19

cn = pdxesx.logicminds.corp

20

tls_www_server

21

encryption_key

22

signing_key

23

</pre>

24

25

26

h3. Transfer these keys to your ESX or Vsphere server (Not needed if using no_verify=1)

27

28

*You don't need to transfer your keys if you always use the no_verify=1 option in the connection URI.*

29

30

You may need to enable ssh on your esx server.  Not sure what to do for vsphere since its windows.

31

<pre>

32

scp pdxesx.logicminds.corp-key.pem root@pdxesx:/etc/vmware/ssl/rui.key

33

scp pdxesx.logicminds.corp.pem root@pdxesx:/etc/vmware/ssl/rui.crt

34

</pre>

35

36

h3. Copy CA cert (Not needed if using no_verify=1)

37

38

Since I used puppet as my CA and client I can just reuse the keys and certs I already have.

39

<pre>

40

ln -s /etc/puppetlabs/puppet/ssl/private_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/private/clientkey.pem

41

ln -s /etc/puppetlabs/puppet/ssl/public_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/clientcert.pem

42

ln -s /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/pki/CA/cacert.pem

43

</pre>

Setup Certificates » History » Version 2