Generating a 2048-bit encryption key for a Certificate Signing Request (2045278)

Details

The SSL tab in the vCloud Connector Server or Node Admin Web console only lets you generate a 1024-bit encryption key for a Certificate Signing Request. It does not have an option to generate a 2048-bit encryption key.

Solution

Use the command line interface to generate a 2048-bit encryption key. Follow these instructions to generate a 2048-bit key, create a certificate signing request, and upload certificates.
  1. Log on to the vCloud Connector Server or Node console as admin.
    The default password is vmware.
  2. Change directory.
    For the Server:
    cd /usr/local/tcserver/vfabric-tc-server-standard/server/conf
    For the Node:
    cd /usr/local/tcserver/vfabric-tc-server-standard/agent/conf
  3. Delete the existing key.
    For the Server:
    /usr/java/default/bin/keytool -delete -alias hcserver -keystore tcserver.jks -storepass changeme
    For the Node:
    /usr/java/default/bin/keytool -delete -alias hcagent -keystore tcserver.jks -storepass changeme
  4. Generate the new 2048-bit key.
    For the Server:
    /usr/java/default/bin/keytool -genkey -keyalg RSA -keysize 2048 -alias hcserver -validity 1095 -keystore tcserver.jks -storepass changeme -keypass changeme
    For the Node:
    /usr/java/default/bin/keytool -genkey -keyalg RSA -keysize 2048 -alias hcagent -validity 1095 -keystore tcserver.jks -storepass changeme -keypass changeme
  5. Log out of the console.
  6. Log on to the Server or Node Admin Web console at https://<Server_or_Node_IPaddress>:5480 as admin.
    The default password is vmware.
  7. In the Server Admin Web console, click the Server tab, then the SSL tab.
    In the Node Admin Web console, click the Node tab, then the SSL tab.
  8. Click Generate and download CSR to generate a Certificate Signing Request and download it.
  9. Obtain certificates from your Certificate Authority (CA) using the .csr files you downloaded.
  10. If the certificates you obtained from your CA are not in the X.509 format, convert them to the X.509 format by using the following command at the command prompt:
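    openssl pkcs7 -in <path/../certificate.cer> -print_certs | openssl x509 > <path/../certificate_x509.cer>

    Write the output to a different file from the input: redirecting to the input file truncates it before it is read.

    Note that you must have the OpenSSL library installed to access this command. You can also use this command from the Server or Node console.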

  11. When you have your certificates in the X.509 format:
    • In the Root CA certificate field, click Browse and find the root certificate for the vCloud Connector Server or Node.
    • In the Intermediate CA certificate field, click Browse and find the intermediate certificate for the vCloud Connector Server or Node.
    • In the Certificate field, click Browse and find the signed certificate for the vCloud Connector Server or Node.
    • Click Upload.
  12. Click Enable SSL at the top of the page.
After you upload valid certificates, you must do the following.
  • For each Node for which you enabled SSL, deselect the Ignore SSL certificate option and update the Node's registration with the vCloud Connector Server. You do this from the Nodes tab in the Server Admin Web console.
  • Restart the vCloud Connector Server.
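
Because the Admin Web console itself only generates 1024-bit keys, it is worth confirming that the CSR downloaded in step 8 carries the 2048-bit key created in step 4, and that the certificate returned by the CA was issued for that same key, before uploading in step 11. The script below is an added example, not part of the VMware article or product; the function names are hypothetical and the CSR and certificate file names are supplied by you on the command line.

```shell
#!/bin/sh
# Added example: sanity-check the CSR (step 8) and signed certificate (step 10).
# Usage: sh check_csr.sh <csr-file> [<x509-cert-file>]

# Read `openssl req -noout -text` or `openssl x509 -noout -text` output on
# stdin and print the public key size in bits. Matches both the current
# "Public-Key: (2048 bit)" and the older "RSA Public Key: (2048 bit)" form.
key_bits() {
    sed -n 's/.*Public[ -]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the text on stdin describes a key of at least $1 bits.
# An input with no recognisable key size is treated as a failure.
meets_minimum() {
    bits=$(key_bits)
    [ -n "$bits" ] && [ "$bits" -ge "$1" ]
}

# check_csr <csr-file> [min-bits]: fail if the CSR key is below min-bits.
check_csr() {
    openssl req -in "$1" -noout -text | meets_minimum "${2:-2048}"
}

# same_key <csr-file> <cert-file>: succeed if both contain the same public
# key, i.e. the CA signed the request that was generated from the new key.
same_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ]
}

# Run the checks only when file names are given on the command line.
if [ "$#" -ge 1 ]; then
    check_csr "$1" 2048 || { echo "CSR key is smaller than 2048 bits: $1" >&2; exit 1; }
    echo "CSR key is at least 2048 bits"
    if [ "$#" -ge 2 ]; then
        same_key "$1" "$2" || { echo "certificate does not match the CSR key" >&2; exit 1; }
        echo "certificate matches the CSR key"
    fi
fi
```

If the first check fails, the CSR was built from a 1024-bit key and steps 3 and 4 need to be repeated before requesting a certificate.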
