The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)
View by Article ID
Creating SSL certificates for Socialcast On Premise (2008649)
Purpose
This article provides information about creating SSL certificates for Socialcast On Premise.
All traffic to Socialcast is carried via SSL. The Socialcast appliance allows you to upload an SSL certificate for the domain you are using to access your Socialcast website. It is important to use a properly configured SSL certificate, otherwise you run the risk of Socialcast not working correctly for all devices or being exposed to security weaknesses.
Resolution
Creating a Socialcast Certificate
Creating a Socialcast Certificate requires:
Generating a Certificate Signing Request (CSR)
Shell access to the main configuration node
A Certificate Authority (CA)
Note: Your CA may also provide instructions about how to generate a CSR that is compatible with their signing process.
Generating a Certificate Signing Request
Run this command on the master configuration node to generate a 2048-bit private key:
openssl genrsa -out socialcast.key 2048
Important: Be sure to keep this private key in a secure place. If the private key is exposed, the security of your communications can compromised and you will require a new certificate.
Note: VMware highly recommends using a 2048 bit private key for enhanced security. However, these keys are incompatible with Windows XP before SP1. If support for these legacy unsupported operating systems is required, generate a 1024 bit key with the command above.
Next, create the CSR from the private key with the command:
Note: OpenSSL prompts you for the various parameters required to generate a CSR. When this process is completed, you can copy the CSR off the server and submit it to the issuing CA.
The Socialcast appliance requires the PEM-formatted certificate and private key to be combined into a single file before it can be installed.
When the issuing Certificate Authority has returned your certificate, you must concatenate the PEM-formatted certificate and the private key. Assuming your certificate is named socialcast.crt, use this command to combine these files:
socialcast.pem can then be uploaded through the SSL Certificate management web interface.
If there are intermediate certificates (required by most newly issued certificates due to security enhancements), append them in the order of increasing generality. For example, if you have two intermediate certificates, your combined pem file should be in this order:
Server Private Key
Signed Certificate
Intermediate Certificate 1
Intermediate Certificate 2
Using the previous code example, you would accomplish this with the command:
When you have your combined Socialcast certificate, you need to upload it to the Socialcast Cluster Management Console and deploy it to the cluster:
Go to https://<master_configuration_node_domain>:8003/ssl_config/edit. You see your previously uploaded certificate or the auto-generated self-signed certificate.
Using the file chooser, select the combined socialcast certificate, and click Upload new certificate. Socialcast verifies to ensure that the certificate you uploaded is properly formatted.
Note: It attempts to return a detailed error message if there are any issues with your certificate.
If the upload is successful, you see a green confirmation message and the listed certificate should display the updated information.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.
