Create a self-signed certificate

If you are running VMware vCenter version 6.0, you must create a new self-signed certificate before adding and registering a VASA provider through vCenter.

About this task

You can create a self-signed certificate by opening a secure shell (SSH) connection to a node in the Isilon cluster that will be used as the VASA provider. Alternatively, after creating a self-signed certificate on a node, you can copy the certificate to any other node in the cluster and register that node as a VASA provider in vCenter.

Procedure

  1. Create an RSA key by running the following command:
    openssl genrsa -aes128 -out vp.key 1024
  2. Remove the passphrase from the key by running the following commands sequentially:
    cp vp.key vp.key.withpassphrase
    openssl rsa -in vp.key.withpassphrase -out vp.key
    
  3. Create a certificate signing request by running the following command:
    openssl req -new -key vp.key -out vp.csr
  4. Generate a self-signed certificate that does not have CA signing ability by running the following commands sequentially:
    echo "basicConstraints=CA:FALSE" > vp.ext
    openssl x509 -req -days 365 -in vp.csr -sha256 -signkey vp.key -extfile vp.ext -out vp.crt
    Note: With a validity period of 365 days, you can change the self-signed certificate, if necessary.

  5. Display the new certificate with the extensions information for verification by running the following command:
    openssl x509 -text -noout -purpose -in vp.crt
  6. Create a backup of the original server.key by running the following command:
    cp /usr/local/apache2/conf/ssl.key/server.key /usr/local/apache2/conf/ssl.key/server.key.bkp
  7. Replace the previous server key with the new server key by running the following command:
    cp vp.key /usr/local/apache2/conf/ssl.key/server.key
    Where vp.key is the new server key.
  8. Create a backup of the original certificate by running the following command:
    cp /usr/local/apache2/conf/ssl.crt/server.crt /usr/local/apache2/conf/ssl.crt/server.crt.bkp
    Where server.crt is the original certificate.
  9. Replace the original certificate on the server with the new certificate by running the following command:
    cp vp.crt /usr/local/apache2/conf/ssl.crt/server.crt
    Where vp.crt is the new certificate.
  10. Stop and restart the Apache httpd service at /usr/local/apache2/bin/ after the certificate is replaced by running the following commands sequentially:
    killall httpd
    /usr/local/apache2/bin/httpd -k start
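
The following check is an added example, not part of the original procedure. It confirms that the key and certificate produced in steps 1 to 4 belong together and carry the properties the procedure intends. The function name check_vp_cert and the file-permission check on the passphrase-free key are assumptions of this example.

```shell
#!/bin/sh
# check_vp_cert KEY CERT   (hypothetical helper, added for illustration)
# Returns 0 only if every check passes; prints one line per failed check.
# Usage: check_vp_cert vp.key vp.crt
check_vp_cert() {
    key=$1
    crt=$2
    rc=0

    # 1. The certificate must contain the public half of this private key;
    #    a mismatched pair in server.key/server.crt stops httpd from starting.
    key_pub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt does not match $key"
        rc=1
    fi

    text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null)

    # 2. Step 4 writes basicConstraints=CA:FALSE into the certificate.
    case $text in
        *CA:FALSE*) ;;
        *) echo "FAIL: basicConstraints CA:FALSE missing"; rc=1 ;;
    esac

    # 3. Step 4 signs with -sha256.
    case $text in
        *"Signature Algorithm: sha256WithRSAEncryption"*) ;;
        *) echo "FAIL: signature algorithm is not SHA-256 with RSA"; rc=1 ;;
    esac

    # 4. The certificate must still be inside its validity period.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired or cannot be read"
        rc=1
    fi

    # 5. Added check: step 2 removed the passphrase, so the key file itself
    #    should not be readable by group or others (mode bits 5-10 of ls -l).
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group or others"
        rc=1
    fi

    return $rc
}
```

Running it against vp.key and vp.crt before step 6, and again against the installed server.key and server.crt before step 10, catches a mismatched pair before httpd is restarted.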