Setup Certificates » History » Version 2

Leos Stejskal, 10/15/2021 11:44 AM

1 1 Corey Osman
h1. Setup Certificates

h3. Create SSL Key (Not needed if using no_verify=1)

<pre>certtool --generate-privkey > pdxesx.logicminds.corp-key.pem</pre>

h3. Sign key with CA cert and CA key (Not needed if using no_verify=1)

<pre>[root@puppet ~]# certtool --generate-certificate --load-privkey pdxesx.logicminds.corp-key.pem \
    --load-ca-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem \
    --load-ca-privkey /etc/puppetlabs/puppet/ssl/ca/ca_key.pem --template server.info --outfile pdxesx.logicminds.corp.pem
Generating a signed certificate...
</pre>

<pre>
# Server.info
organization = Logic Minds Corp
cn = pdxesx.logicminds.corp
tls_www_server
encryption_key
signing_key
</pre>

h3. Transfer these keys to your ESX or vSphere server (Not needed if using no_verify=1)

*You don't need to transfer your keys if you always use the no_verify=1 option in the connection URI.*

You may need to enable SSH on your ESX server.  Not sure what to do for vSphere since it's Windows.

<pre>
scp pdxesx.logicminds.corp-key.pem root@pdxesx:/etc/vmware/ssl/rui.key
scp pdxesx.logicminds.corp.pem root@pdxesx:/etc/vmware/ssl/rui.crt
</pre>

h3. Copy CA cert (Not needed if using no_verify=1)

Since I used Puppet as my CA and client, I can just reuse the keys and certs I already have.

<pre>
ln -s /etc/puppetlabs/puppet/ssl/private_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/private/clientkey.pem
# clientcert.pem must be the signed X.509 certificate, which Puppet keeps under ssl/certs/
# (ssl/public_keys/ holds only the bare public key)
ln -s /etc/puppetlabs/puppet/ssl/certs/puppet.logicminds.corp.pem /etc/pki/libvirt/clientcert.pem
ln -s /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/pki/CA/cacert.pem
</pre>
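
A check worth running on the signing host before the @scp@ step, added here as an example that is not part of the original wiki page: it confirms that the signed certificate chains to the CA, that it belongs to the generated private key, and that its name matches the host used in the connection URI. It assumes the @openssl@ CLI is installed next to @certtool@; @check_pair@ is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. check_pair is a hypothetical
# helper; it assumes the openssl CLI is available on the signing host.
#
# Usage: check_pair CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Returns 0 when every check passes, 1 = chain failure,
# 2 = key does not match certificate, 3 = host name mismatch.
check_pair() {
    local ca=$1 crt=$2 key=$3 host=$4 crt_pub key_pub

    # 1. The certificate must chain to the CA the client trusts
    #    (on this page: the Puppet CA linked to /etc/pki/CA/cacert.pem).
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: compare digests
    #    of the public key extracted from each file.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $crt" >&2
        return 2
    fi

    # 3. The name in the certificate must match the host in the connection
    #    URI, otherwise verification fails unless no_verify=1 is set.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" \
            | grep -q "does match certificate"; then
        echo "FAIL: $crt is not valid for host $host" >&2
        return 3
    fi

    echo "OK: $crt chains to $ca, matches $key, and is valid for $host"
}

# Example call with the file names used on this page:
# check_pair /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem \
#     pdxesx.logicminds.corp.pem pdxesx.logicminds.corp-key.pem \
#     pdxesx.logicminds.corp
```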