Add CA Signed SSL Cert to Turbonomic (the easy way)

Blog Post created by on Feb 9, 2017



1. SSH into your Turbonomic appliance

  The username is: root The default password is: vmturbo


2. Next, Run the following commands:

     cd /tmp

     openssl req -out vmturbo.csr -new -newkey rsa:2048 -nodes -keyout vmturbo.key

Fill out the appropriate information.


3. Use SCP to copy the .csr file from  /tmp on the Turbonomic appliance to the local computer


4. Open the CSR file with a text editor and copy the text into the request text box on your CA. From the internal CA (Windows CA) go to 'Request cert' -> Advanced -> base-64-encoded -> 'Template Used' = Web Server (or whatever custom template you may have)


5. Make a new directory call C:\cert\ and download the certificate chain in Base 64, call it Turbonomic.p7b


6. Right click Turbonomic.p7b, click open and navigate to the Certificates folder. Starting with your Root Cert right click the cert and click all taks -> Export, export it in Base-64 to the C:\cert directory, call it root.cer. Repeat for your intermediate ca cert if you have one and finally for your turbonomic cert. Call them inter.cer and turbo.cer to make it easy.


7. At this point you should have 3 or 4 files if you have an intermediate ca cert and you need to chain them together



     C:\cert\inter.cer (only if you have an an intermediate ca)


Open a command prompt from C:\Cert and type these commands:


     more turbo.cer >> turbonomic.cer

     more inter.cer >>  turbonomic.cer (only if you have an an intermediate ca)

     more root.cer >>  turbonomic.cer


now you have a turbonomic.cer that has all three certs chained together in Base 64


8. Back in your Turbonomic SCP session:

          upload C:\cert\turbonomic.cer to /etc/ssl/certs


9. Back in your Turbonomic SHH session:

          cd /etc/ssl/certs


10. Convert turbonomic.cer to pem:

          openssl x509 -in turbonomic.cer -out turbonomic.pem




Stop the apache2 service


         service apache2 stop



Stop the httpd service


         service httpd stop


12. Backup old certs and keys: (BUT YOU TOOK A SNAPSHOT BEFORE YOU STARTED!)

      Copy the existing /etc/apache2/ssl.crt/server.crt to server-old.crt with below command

           cp /etc/apache2/ssl.crt/server.crt /etc/apache2/ssl.crt/server-old.crt

      Copy the existing /etc/apache2/ssl.key/server.key to server-old.key with below command

          cp /etc/apache2/ssl.key/server.key /etc/apache2/ssl.key/server-old.key


13. Copy the turbonomic.pem file to /etc/apache2/ssl.crt/ and call it server.crt

          cp turbonomic.pem /etc/apache2/ssl.crt/server.crt


14. Move /tmp/vmturbo.key (the file from step 2) into /etc/apache2/ssl.key/ and name it server.key

           mv /tmp/vmturbo.key  /etc/apache2/ssl.key/server.key




Start the apache2 service


         service apache2 start



Start the httpd service


         service httpd start