Enforcing Secure Access for Turbonomic (CentOS 7)

File uploaded by rebecca Expert on Apr 11, 2017. Last modified by rebecca Expert on Sep 13, 2017.
Version 14

This document covers installing a trusted certificate from a known certificate authority (CA), if required by company policy.

Procedure summary (details follow):

    Step 1: Request a certificate
    Step 2: Upload the certificate
    Step 3: Apply the certificate
    Step 4: Enable https redirect

 

Step 1: Request a certificate

  • Connect to Turbonomic server via shell as root
  • Change to /etc/pki/tls/private directory

                              cd /etc/pki/tls/private

  • Execute the command to create the private key file

                              openssl genrsa -out turbonomic.key 2048

  • Create a file containing the information used to generate the CSR 

                              vi certsignreq.cfg

  • In the file, insert the following and replace the placeholder fields shown in angle brackets (<...>):

[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[dn]
C=<country, 2 letter code>
L=<city>
O=<company>
OU=<organizational unit name>
CN=<FQDN>
emailAddress=<email address>

[req_ext]
# To use the names listed under [alt_names] below, set this value to @alt_names
subjectAltName = <alternate domains to use with the SSL Certificate>

[alt_names]
DNS.1 = <FQDN>
DNS.2 = <server's short name>


  • Write and quit the file

                            esc :wq!

    • Execute the command to create the certificate request file

                                  openssl req -new -sha256 -nodes -out turbonomic.csr -key turbonomic.key -config certsignreq.cfg

    • Transfer the CSR file (turbonomic.csr) from /etc/pki/tls/private to your local machine
    • Send this file to your certificate authority

    Your certificate authority will use this file to create the certificate for you to upload.

    Once you receive the certificate file, rename it to turbonomic.crt.

     

    Step 2: Upload the certificate

    • The certificate file received from the CA should be named turbonomic.crt

    Intermediate Certificate Bundle:

    CAs (e.g., GoDaddy or Symantec) may use intermediate certificates as a proxy to their root certificate for security purposes. If so, you will also receive a certificate chain bundle.

    • Name the certificate chain: crt
    • Transfer the above certificate file(s) to the Turbonomic instance in the /etc/pki/tls/certs directory

     

    Step 3: Apply the certificate

    • Connect to Turbonomic server via shell as root
    • Make a backup of the ssl.conf file in the following directory: /etc/httpd/conf.d/

             cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf-LOCALHOST

    • Edit /etc/httpd/conf.d/ssl.conf to specify the key and crt file paths

                             vi /etc/httpd/conf.d/ssl.conf

     

    • Write and quit the file

                                     esc :wq!

    • Restart httpd service 

                                      service httpd restart
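
The following script is an added example, not part of the original document: it checks that the CSR from Step 1 really requests the expected subjectAltName entries, and that a certificate holds the same public key as turbonomic.key before ssl.conf points at it. Host names, the DN value, the helper names (pubkey_of, same_keypair, csr_has_san, make_sample) and the self-signed stand-in certificates are assumptions constructed for the demonstration.

```shell
# Added example, not from the original document. Host names are constructed;
# self-signed certificates stand in for the one a CA would return.

pubkey_of() {   # print the PEM public key held in a .key, .csr or .crt file
  case "$1" in
    *.key) openssl pkey -in "$1" -pubout ;;
    *.csr) openssl req  -in "$1" -noout -pubkey ;;
    *.crt) openssl x509 -in "$1" -noout -pubkey ;;
  esac 2>/dev/null
}

same_keypair() {   # succeed only if both files hold the same, non-empty public key
  [ -n "$(pubkey_of "$1")" ] && [ "$(pubkey_of "$1")" = "$(pubkey_of "$2")" ]
}

csr_has_san() {   # succeed if CSR $1 requests exactly DNS name $2 as a SAN
  openssl req -in "$1" -noout -text 2>/dev/null | tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "DNS:$2"
}

make_sample() {   # write constructed sample files into directory $1
  cat > "$1/certsignreq.cfg" <<'EOF'
[req]
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
CN=turbo.example.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = turbo.example.com
DNS.2 = turbo
EOF
  ( cd "$1" && umask 077 &&   # keep generated private keys owner-only
    sed 's/@alt_names/DNS:turbo.example.com/' certsignreq.cfg > noref.cfg &&
    openssl genrsa -out turbonomic.key 2048 && openssl genrsa -out other.key 2048 &&
    openssl req -new -key turbonomic.key -config certsignreq.cfg -out turbonomic.csr &&
    openssl req -new -key turbonomic.key -config noref.cfg -out noref.csr &&
    openssl req -x509 -new -key turbonomic.key -config certsignreq.cfg -out turbonomic.crt &&
    openssl req -x509 -new -key other.key -config certsignreq.cfg -out wrong.crt
  ) >/dev/null 2>&1
}

d=$(mktemp -d) && make_sample "$d" || exit 1
same_keypair "$d/turbonomic.key" "$d/turbonomic.crt" && echo "turbonomic.crt matches the key"
same_keypair "$d/turbonomic.key" "$d/wrong.crt" || echo "wrong.crt does NOT match the key"
csr_has_san "$d/noref.csr" turbo || echo "noref.csr ignores [alt_names]: DNS:turbo missing"
```

Against the real files, run same_keypair /etc/pki/tls/private/turbonomic.key /etc/pki/tls/certs/turbonomic.crt before restarting httpd.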

     

    Step 4: Enable https redirect
