Generating and installing a signed SSL certificate

Ops Center Administrator Getting Started Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99ADM000-20

By default, the server uses a self-signed certificate. SSL certificates verify user identities and enhance security on the server. You can get a digitally signed SSL certificate from a trusted certificate authority (CA) by sending a certificate signing request (CSR). After you obtain the signed certificate, you import it to the server.

The following is a sample procedure for generating and installing a signed SSL certificate. The process of obtaining a certificate may be different within each organization.

  1. Open the virtual machine console and log in using root user or normal user credentials. If you log in as a normal user, use the sudo command to complete the following procedure as the root user.
  2. Note the hostname of the VM (#hostname).
  3. Run the openssl command and provide the Authentication sha256, depending upon the required security. Give the Fully Qualified Domain Name for host name.
    • The following example is for a certificate using RSA as the signature algorithm:
      # openssl req -nodes -newkey rsa:2048 -sha256 -keyout server.key -out server.csr

      The system returns the message: Generating a RSA private key

    • The following example is for a certificate using ECDSA as the signature algorithm:
      # openssl req -nodes -newkey ec:<(openssl ecparam -name secp384r1) -sha256 -keyout server.key -out server.csr

      The system returns the message: Generating a EC private key

  4. Provide the information as prompted. For some fields there is a default value. Enter period ".", to leave a field blank.
    • Country Name (two-letter code)
    • State or Province Name (two-letter code)
    • Locality name (City)
    • Organization Name (Company)
    • Organizational Unit Name (Section or department)
    • Common Name (Your name or the server host name)
    • Email Address
  5. When you receive the CSR file, send it to a certificate authority to obtain an SSL certificate.
    If you need help with this step, consult with customer support or an authorized service provider.
  6. Open a browser and enter the following URL in the address bar:
    https://ip-address:port/vam

    where:

    • ip-address is the IP address of the Ops Center Administrator server.
    • port is the port number of the Ops Center Administrator. The default port number is 443 or 20961.

    The default login credentials are sysadmin/sysadmin

  7. Click Certificate Settings.
  8. Import the certificate into the server.
    1. Open the signed certificate (received from the certificate authority) in a text editor.
    2. Open the private key file (generated in step 2) in a text editor.
    3. Copy the certificate file contents into the CERTIFICATE text box.
      Note: Do not include the delimiters.
    4. Open the private key.
      # cat server.key
    5. Copy the private key file contents into the PRIVATE KEY text box in the virtual appliance manager.
    6. Click Submit.