Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Creating SSL certificates for Socialcast On Premise (2008649)

Purpose

This article provides information about creating SSL certificates for Socialcast On Premise.
 
All traffic to Socialcast is carried via SSL. The Socialcast appliance allows you to upload an SSL certificate for the domain you are using to access your Socialcast website. It is important to use a properly configured SSL certificate, otherwise you run the risk of Socialcast not working correctly for all devices or being exposed to security weaknesses.

Resolution

Creating a Socialcast Certificate

Creating a Socialcast Certificate requires:
  • Generating a Certificate Signing Request (CSR)
  • Shell access to the main configuration node
  • A Certificate Authority (CA)

Note: Your CA may also provide instructions about how to generate a CSR that is compatible with their signing process.

Generating a Certificate Signing Request

Run this command on the master configuration node to generate a 2048-bit private key:
 
openssl genrsa -out socialcast.key 2048
 
Important: Be sure to keep this private key in a secure place. If the private key is exposed, the security of your communications can compromised and you will require a new certificate.

Note: VMware highly recommends using a 2048 bit private key for enhanced security. However, these keys are incompatible with Windows XP before SP1. If support for these legacy unsupported operating systems is required, generate a 1024 bit key with the command above.

Next, create the CSR from the private key with the command:

openssl req -new -nodes -key socialcast.key -out socialcast.csr

Note: OpenSSL prompts you for the various parameters required to generate a CSR. When this process is completed, you can copy the CSR off the server and submit it to the issuing CA.

For complete instructions, see the OpenSSL documentation.

Combining the certificates and the private key

The Socialcast appliance requires the PEM-formatted certificate and private key to be combined into a single file before it can be installed.

When the issuing Certificate Authority has returned your certificate, you must concatenate the PEM-formatted certificate and the private key. Assuming your certificate is named socialcast.crt, use this command to combine these files:
 
cat socialcast.key socialcast.crt > socialcast.pem
 
socialcast.pem can then be uploaded through the SSL Certificate management web interface.

If there are intermediate certificates (required by most newly issued certificates due to security enhancements), append them in the order of increasing generality. For example, if you have two intermediate certificates, your combined pem file should be in this order:

  • Server Private Key
  • Signed Certificate
  • Intermediate Certificate 1
  • Intermediate Certificate 2
Using the previous code example, you would accomplish this with the command:
 
cat socialcast.key socialcast.crt intermediate1.crt intermediate2.crt > socialcast.pem

Uploading a Certificate

When you have your combined Socialcast certificate, you need to upload it to the Socialcast Cluster Management Console and deploy it to the cluster:

  1. Go to https://<master_configuration_node_domain>:8003/ssl_config/edit. You see your previously uploaded certificate or the auto-generated self-signed certificate.
  2. Using the file chooser, select the combined socialcast certificate, and click Upload new certificate. Socialcast verifies to ensure that the certificate you uploaded is properly formatted.

    Note: It attempts to return a detailed error message if there are any issues with your certificate.

  3. If the upload is successful, you see a green confirmation message and the listed certificate should display the updated information.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 1 Ratings
Actions
KB: