Creating SSL certificates for Socialcast On Premise (2008649)
Creating a Socialcast Certificate
- Generating a Certificate Signing Request (CSR)
- Shell access to the main configuration node
- A Certificate Authority (CA)
Note: Your CA may also provide instructions about how to generate a CSR that is compatible with their signing process.
Generating a Certificate Signing Request
Note: VMware highly recommends using a 2048 bit private key for enhanced security. However, these keys are incompatible with Windows XP before SP1. If support for these legacy unsupported operating systems is required, generate a 1024 bit key with the preceding command.
Create the CSR from the private key with the command:
Note: OpenSSL prompts you for the various parameters required to generate a CSR. When this process is completed, you can copy the CSR off the server and submit it to the issuing CA.
For complete instructions, see the OpenSSL documentation.
Obtaining the private key and certificate from a .pfx/.p12 (pkcs12) file
Depending on the process used by your issuing certificate authority, you may receive your certificate encrypted along with the private key in a .pfx file. In order to use these files, you will need to decrypt and extract both of these files from the .pfx.
Your .pfx file may be encrypted with a password. You will be prompted for this password when performing this action.
Create the private key file:
openssl pkcs12 -in socialcast.pfx -nodes -nocerts -out socialcast.key
Create the certificate file:
openssl pkcs12 -in socialcast.pfx -nodes -nokeys -out socialcast.crt
You may now use these files to proceed to the next section.
Combining the certificates and the private key
The Socialcast appliance requires the PEM-formatted certificate and private key to be combined into a single file before it can be installed.
If there are intermediate certificates (required by most newly issued certificates due to security enhancements), append them in the order of increasing generality. For example, if you have two intermediate certificates, your combined pem file should be in this order:
- Server Private Key
- Signed Certificate
- Intermediate Certificate 1
- Intermediate Certificate 2
Uploading a Certificate
When you have your combined Socialcast certificate, you need to upload it to the Socialcast Cluster Management Console and deploy it to the cluster:
- Go to https://master_configuration_node_domain:8003/ssl_config/edit. You see your previously uploaded certificate or the auto-generated self-signed certificate.
- Using the file chooser, select the combined socialcast certificate, and click Upload new certificate. Socialcast verifies to ensure that the certificate you uploaded is properly formatted.
Note: It attempts to return a detailed error message if there are any issues with your certificate.
- If the upload is successful, you see a green confirmation message and the listed certificate should display the updated information.
- Click Apply Latest Configuration to apply the certificate changes.