vRNI certificate: official VMware article
https://kb.vmware.com/s/article/2148128
Download OpenSSL for Windows: https://kb.firedaemon.com/support/solutions/articles/4000121705#Download-OpenSSL
Extract the zip
Create a vrni-config.cfg file
Put the below information in it but adjust it to your environment
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = AU
ST = Victoria
L = Melbourne
O = VMware
OU = VMware PSO
CN = ni-p.vmware.local
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ni-p.vmware.local
DNS.2 = nic-p-02.vmware.local
DNS.3 = ni-p-03.vmware.local

Put the cfg file in the OpenSSL bin folder, where you’re going to run openssl.exe

Type in the following
openssl genrsa -out vrni1.key 2048
openssl req -new -key vrni1.key -out vrni1.csr -config vrni-config.cfg
openssl rsa -in vrni1.key -check

Two files are created: the key and the CSR

Copy it to the platform node. I am using WinSCP and the support account


Open the csr and copy the text

Sign your certificate through your certificate authority.
https://<servername>/certsrv
Click request a certificate

Click advanced certificate request

Copy csr into saved request
Select web server
Click submit

Click base 64 encoded.
Click download certificate chain.

Open the ‘p7b’ file and export the certificates as base 64.


Create a new file named combined.crt (you will need to combine the certificates into one file, saved as a crt file)
Copy the machine certificate text at the top, then the intermediate second and the root at the bottom
Order:
- The machine certificate
- The intermediate certificate
- The root certificate
Should look like this (I don’t have an intermediate certificate in my lab)



Copy the crt to the platform node using your open WinSCP session

Log in as the support user to your platform server via ssh
Type the following to fix the key file
sed -i 's/-----BEGIN PRIVATE KEY-----/-----BEGIN RSA PRIVATE KEY-----/g' vrni1.key
sed -i 's/-----END PRIVATE KEY-----/-----END RSA PRIVATE KEY-----/g' vrni1.key
Type the following to verify it is ok
openssl rsa -in vrni1.key -check
file vrni1.key

ls
file combined.crt
file vrni1.key (should show PEM RSA PRIVATE KEY not ASCII text)
Wrong

Right
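
A pre-flight check for the two files before they are handed to custom-cert, as an added example that is not part of the original article or of VMware's tooling: it confirms that vrni1.key matches the first certificate in combined.crt and that the certificates are in machine, intermediate, root order. The function names are hypothetical, and it assumes openssl, awk and mktemp are available where it is run.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for vrni1.key and combined.crt.
# Function names are hypothetical; only standard openssl/awk calls are used.

# Succeeds only if the private key belongs to the FIRST certificate in the
# bundle (openssl x509 reads just the first PEM block of a file).
key_matches_leaf() (   # usage: key_matches_leaf vrni1.key combined.crt
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# Succeeds only if each certificate's issuer is the subject of the next one
# (machine -> intermediate -> root) and the last one is self-issued.
# Names are compared by hash; signatures are not verified here.
chain_in_order() (   # usage: chain_in_order combined.crt
  d=$(mktemp -d) || exit 2
  trap 'rm -rf "$d"' EXIT
  # Write each PEM certificate to its own numbered file and print the count.
  n=$(awk -v d="$d" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }
                     END { print n + 0 }' "$1") || exit 2
  [ "$n" -ge 1 ] || exit 2
  i=1
  while [ "$i" -le "$n" ]; do
    next=$((i + 1))
    [ "$i" -eq "$n" ] && next=$i      # last certificate is checked against itself
    iss=$(openssl x509 -in "$d/$i.pem" -noout -issuer_hash 2>/dev/null) || exit 2
    sub=$(openssl x509 -in "$d/$next.pem" -noout -subject_hash 2>/dev/null) || exit 2
    [ "$iss" = "$sub" ] || exit 1
    i=$((i + 1))
  done
)

# Run as: bash preflight.sh vrni1.key combined.crt
if [ "$#" -eq 2 ]; then
  key_matches_leaf "$1" "$2" || { echo "key does not match first certificate" >&2; exit 1; }
  chain_in_order "$2" || { echo "chain is not machine, intermediate, root" >&2; exit 1; }
  echo "ok: key matches and chain order is correct"
fi
```

An exit status of 2 from either function means a file could not be read or parsed, as opposed to 1 for a real mismatch.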

Log in as consoleuser to the platform server via ssh
Type in
custom-cert remove

Type in the following
custom-cert copy --host localhost --user support --port 22 --path /home/support/combined.crt
custom-cert copy --host localhost --user support --port 22 --path /home/support/vrni1.key

Type in the following
custom-cert list

Type in the following
custom-cert apply

Reboot node

Check certificate

Repeat on other nodes.

