Enforcing Secure Access for Turbonomic (CentOS 7)

File uploaded by rebecca Expert on Apr 11, 2017Last modified by robert.fagnoni on Feb 4, 2019
Version 21Show Document
  • View in full screen mode

This document covers installing a trusted certificate from a known certificate authority (CA), if required by company policy.

Procedure summary, details follow:

                                          Step 1: Request a certificate                              

                                          Step 2: Upload the certificate

                                          Step 3: Apply the certificate                                

                                          Step 4: Enable https redirect        


Step 1: Request a certificate

  • Connect to Turbonomic server via shell as root
  • Change to /etc/pki/tls/private directory

                              cd /etc/pki/tls/private

  • Execute the command to create the private key file

                              openssl genrsa -out turbonomic.key 2048

  • Create a file containing the information used to generate the CSR 

                              vi certsignreq.cfg

  • In the file, insert the following and specify the purple fields:


ts = 2048

prompt = no

default_md = sha256

req_extensions = req_ext

distinguished_name = dn



C=<country, 2 letter code>




OU=<organizational unit name>


emailAddress=<email address>



subjectAltName = @alt_names 



DNS.1 = <FQDN>

DNS.2 = <server’s short name>



  • Write and quit the file

                            esc :wq!

    • Execute the command to create the certificate request file

                                  openssl req -new -sha256 -nodes -out turbonomic.csr -key turbonomic.key -config certsignreq.cfg

    • Transfer csr from /etc/pki/tls/private to your local machine
    • Send this file to your certificate authority

    Your certificate authority will use this file to create the certificate for you to upload.

    If given the choice between DER and Base 64, choose Base 64.

    Once you receive the certificate file, rename it to turbonomic.crt.


    Step 2: Upload the certificate

    • The certificate file received from the CA should be named turbonomic.crt

    Intermediate Certificate Bundle:

    CA’s (e.g., GoDaddy or Symantec) may use intermediate certificates as a proxy to their root certificate for security purposes – if so, a certificate chain bundle is also received

    • Name the certificate chain: intermediate.crt
    • Transfer the above certificate file(s) to the Turbonomic instance in the /etc/pki/tls/certs directory


    Step 3: Apply the certificate

    • Connect to Turbonomic server via shell as root
    • Make a backup of the conf file in the following directory: /etc/httpd/conf.d/

             cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf-LOCALHOST

    • Edit /etc/httpd/conf.d/ssl.conf to specify the key and crt file paths

                             vi /etc/httpd/conf.d/ssl.conf


                            Replace the file names:

                                  localhost.crt --> turbonomic.crt

                                  localhost.key --> turbonomic.key

                                  server-chain.crt --> intermediate.crt


    • Write and quit the file

                                     esc :wq!

    • Restart httpd service 

                                      service httpd restart


    Step 4: Enable https redirect