paul.cradduck@roundtower.com

Add CA Signed SSL Cert to Turbonomic (the easy way)

Blog Post created by paul.cradduck@roundtower.com on Feb 9, 2017

******SNAP YOUR TURBONOMIC APPLIANCE BEFORE YOU START!*****

 

1. SSH into your Turbonomic appliance

  The username is: root The default password is: vmturbo

 

2. Next, Run the following commands:

     cd /tmp

     openssl req -out vmturbo.csr -new -newkey rsa:2048 -nodes -keyout vmturbo.key

Fill out the appropriate information.

 

3. Use SCP to copy the .csr file from  /tmp on the Turbonomic appliance to the local computer

 

4. Open the CSR file with a text editor and copy the text into the request text box on your CA. From the internal CA (Windows CA) go to 'Request cert' -> Advanced -> base-64-encoded -> 'Template Used' = Web Server (or whatever custom template you may have)

 

5. Make a new directory call C:\cert\ and download the certificate chain in Base 64, call it Turbonomic.p7b

 

6. Right click Turbonomic.p7b, click open and navigate to the Certificates folder. Starting with your Root Cert right click the cert and click all taks -> Export, export it in Base-64 to the C:\cert directory, call it root.cer. Repeat for your intermediate ca cert if you have one and finally for your turbonomic cert. Call them inter.cer and turbo.cer to make it easy.

 

7. At this point you should have 3 or 4 files if you have an intermediate ca cert and you need to chain them together

     C:\cert\Turbonomic.p7b

     C:\cert\root.cer

     C:\cert\inter.cer (only if you have an an intermediate ca)

     C:\cert\turbo.cer

Open a command prompt from C:\Cert and type these commands:

 

     more turbo.cer >> turbonomic.cer

     more inter.cer >>  turbonomic.cer (only if you have an an intermediate ca)

     more root.cer >>  turbonomic.cer

 

now you have a turbonomic.cer that has all three certs chained together in Base 64

 

8. Back in your Turbonomic SCP session:

          upload C:\cert\turbonomic.cer to /etc/ssl/certs

 

9. Back in your Turbonomic SHH session:

          cd /etc/ssl/certs

 

10. Convert turbonomic.cer to pem:

          openssl x509 -in turbonomic.cer -out turbonomic.pem

 

11.

OPENSUSE 

Stop the apache2 service

        

         service apache2 stop

 

CENTOS/REDHAT

Stop the httpd service

         

         service httpd stop

 

12. Backup old certs and keys: (BUT YOU TOOK A SNAPSHOT BEFORE YOU STARTED!)

      Copy the existing /etc/apache2/ssl.crt/server.crt to server-old.crt with below command

           cp /etc/apache2/ssl.crt/server.crt /etc/apache2/ssl.crt/server-old.crt

      Copy the existing /etc/apache2/ssl.key/server.key to server-old.key with below command

          cp /etc/apache2/ssl.key/server.key /etc/apache2/ssl.key/server-old.key

 

13. Copy the turbonomic.pem file to /etc/apache2/ssl.crt/ and call it server.crt

          cp turbonomic.pem /etc/apache2/ssl.crt/server.crt

 

14. Move /tmp/vmturbo.key (the file from step 2) into /etc/apache2/ssl.key/ and name it server.key

           mv /tmp/vmturbo.key  /etc/apache2/ssl.key/server.key

 

15.

OPENSUSE 

Start the apache2 service

        

         service apache2 start

 

CENTOS/REDHAT

Start the httpd service

         

         service httpd start

Outcomes