Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)   View by Article ID

Creating SSL certificates for Socialcast On Premise (2008649)


This article provides information about creating SSL certificates for Socialcast On Premise.
All traffic to Socialcast is carried via SSL. The Socialcast appliance allows you to upload an SSL certificate for the domain you are using to access your Socialcast website. It is important to use a properly configured SSL certificate, otherwise you run the risk of Socialcast not working correctly for all devices or being exposed to security weaknesses.


Creating a Socialcast Certificate

Creating a Socialcast Certificate requires:
  • Generating a Certificate Signing Request (CSR)
  • Shell access to the main configuration node
  • A Certificate Authority (CA)

Note: Your CA may also provide instructions about how to generate a CSR that is compatible with their signing process.

Generating a Certificate Signing Request

Run this command on the master configuration node to generate a 2048-bit private key:
openssl genrsa -out socialcast.key 2048
Important: Be sure to keep this private key in a secure place. If the private key is exposed, the security of your communications can be compromised and you will require a new certificate.

: VMware highly recommends using a 2048 bit private key for enhanced security. However, these keys are incompatible with Windows XP before SP1. If support for these legacy unsupported operating systems is required, generate a 1024 bit key with the preceding command.

Create the CSR from the private key with the command:

openssl req -new -nodes -key socialcast.key -out socialcast.csr -config openssl.cnf

Note: OpenSSL prompts you for the various parameters required to generate a CSR. When this process is completed, you can copy the CSR off the server and submit it to the issuing CA.

For complete instructions, see the OpenSSL documentation.

Obtaining the private key and certificate from a .pfx/.p12 (pkcs12) file

Depending on the process used by your issuing certificate authority, you may receive your certificate encrypted along with the private key in a .pfx file. In order to use these files, you will need to decrypt and extract both of these files from the .pfx.

Your .pfx file may be encrypted with a password. You will be prompted for this password when performing this action.

Create the private key file:

openssl pkcs12 -in socialcast.pfx -nodes -nocerts -out socialcast.key

Create the certificate file:

openssl pkcs12 -in socialcast.pfx -nodes -nokeys -out socialcast.crt

Each of these files include text that is not relevant outside of the certificate or private key sections - you must remove this text. Additionally, the certificate file may contain multiple certificates, and if the chain of certificates in this file is not complete or is in an incorrect order, the Socialcast appliance will not accept the certificate. You may be able to remove all but the certificate for the appliance itself and have success, but you may also need to include certificates in the order mentioned in the section below.

You may now use these files to proceed to the next section.

Combining the certificates and the private key

The Socialcast appliance requires the PEM-formatted certificate and private key to be combined into a single file before it can be installed.

When the issuing Certificate Authority has returned your certificate, you must concatenate the PEM-formatted certificate and the private key. Assuming your certificate is named socialcast.crt, use this command to combine these files:
cat socialcast.key socialcast.crt > socialcast.pem
socialcast.pem can then be uploaded through the SSL Certificate management web interface.

If there are intermediate certificates (required by most newly issued certificates due to security enhancements), append them in the order of increasing generality. For example, if you have two intermediate certificates, your combined pem file should be in this order:

  • Server Private Key
  • Signed Certificate
  • Intermediate Certificate 1
  • Intermediate Certificate 2
Using the previous code example, you would accomplish this with the command:
cat socialcast.key socialcast.crt intermediate1.crt intermediate2.crt > socialcast.pem

Uploading a Certificate

When you have your combined Socialcast certificate, you need to upload it to the Socialcast Cluster Management Console and deploy it to the cluster:

  1. Go to https://master_configuration_node_domain:8003/ssl_config/edit. You see your previously uploaded certificate or the auto-generated self-signed certificate.
  2. Using the file chooser, select the combined socialcast certificate, and click Upload new certificate. Socialcast verifies to ensure that the certificate you uploaded is properly formatted.

    Note: It attempts to return a detailed error message if there are any issues with your certificate.

  3. If the upload is successful, you see a green confirmation message and the listed certificate should display the updated information.
  4. Click Apply Latest Configuration to apply the certificate changes.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 1 Ratings