PDA

View Full Version : SSL Certificate Signing Request

handyman1994
03-16-2009, 09:46 AM
Infrastructure: ESX 3.5
Virtual Center 2.5
15 Windows 2003 Guests
1 Unix guest

Needed to use SSL only for Unix guest (WEB server) not for other Windows VM's

Already created CSR file by enabling SSL in Virtual Center Management Configuration and using these commands:

Creating SSL Certs for Onpremise from a third party vendor:

**this how-to assumes the openssl command is available on the system used to create the private keys**

1. Generate a private key (without a password)
openssl genrsa -des3 -out www.mydomain.com.key 1024


2. Generate a Certificate Signing Request (this certificate will be used to generate our ssl certificate on the third parties site.) opennssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr


3. After submitting your CSR to a third party vendor they will send you a crt file. This file will used in combination with the key we generated in step 1, to upload to our onpremise image.

4. Use the crt file they vendor sends you in combination with the key file you generated to upload to your Onpremise Image. https://<hostname>/controlpanel/actionfiles/sslcert.php


If I disable the SSL setting will the Linux VM still work with SSL. ?

Is it possible to use SSL for only one VM...??

THX!!!
David Davis
03-16-2009, 06:02 PM
Hi Handyman,

I am sorry but I am confused by your question on this post....

So you want to use SSL with a VMware Guest VM. I am thinking that you must be talking about accessing the web server that is running inside that unix/linux guest using SSL.

If so, this has nothing to do with VMware, just regular web server SSL setup (which I am not really an expert at).

If you are talking about managing your VMware guest VM with SSL then I am confused as to how you are wanting to do this.

Sorry but please provide more info.

Thanks
David
handyman1994
03-18-2009, 10:51 AM
I was actually quite confused myself when the idea was mentioned to me. Instead of using say....Verisign... a key/CSR was generated by a ESX host after SSL was enabled using the commands above. The Web server which is a guest on ESX will now use the key once we get it back from verisign.

I am still somewhat unsure of this process but a KEY\CSr was generated by the ESX host and sent to the vendor...
David Davis
03-19-2009, 03:02 PM
Hi Handyman,

I have never had the need to have a certificate generated for an ESX host. I have always just managed ESX using vCenter on a secure enterprise network.

I don't like directing you somewhere else but, in this case, I would suggest posted this question over at the VMware communities to see if anyone over there (a larger crowd) has had similar experience.

Thanks for posting!
-David
Bryan
03-04-2010, 02:57 AM
wow sounds good to me
greenmatter
03-09-2010, 04:28 PM
wow sounds good to mehttp://www.imgsnatch.com/img/w/N.gif

Indeed!