Generate CA Signed Certificate for vRO cluster

If you need a CA-signed SSL certificate for your vRO server cluster, you can use the following steps to obtain it.

  1. You need to delete the existing self-signed vRO certificate.
    keytool -delete -alias dunes -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "dunesdunes"

    Note: With vRO 7, the password for the certificate store has been changed. It is generated dynamically at first boot. The path to the file is "/var/lib/vco/keystore.password".

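The next step is to generate a new key pair and a CSR for the certificate. keytool runs a single command per invocation, so the key pair (-genkey) and the CSR (-certreq) are created with two separate commands.

keytool -keystore /etc/vco/app-server/security/jssecacerts -storepass dunesdunes -alias dunes -keypass dunesdunes -genkey -keyalg RSA -sigalg SHA512withRSA -keysize 2048 -dname "CN=vrolb.domain.local, OU=IT, O=My Company, L=city, ST=state, C=IN" -ext SAN="DNS:vrolb.domain.local,DNS:vro01.domain.local,DNS:vro02.domain.local"

keytool -keystore /etc/vco/app-server/security/jssecacerts -storepass dunesdunes -alias dunes -keypass dunesdunes -certreq -sigalg SHA512withRSA -ext SAN="DNS:vrolb.domain.local,DNS:vro01.domain.local,DNS:vro02.domain.local" -file /tmp/certs/certreq.csr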

cat /tmp/certs/certreq.csr

Once you have the .csr file, you can ask the CA server administrator to sign the CSR and return the certificate file to you.

Note: While saving the CSR, it needs to be saved in DER format.

Once you get the certificate file, rename the extension to .crt and copy it to the csr folder.

Next, you need to run the following command to install the certificate on the vRO appliance.


keytool -keystore /etc/vco/app-server/security/jssecacerts -storepass dunesdunes -alias dunes -import -keypass dunesdunes -sigalg SHA256withRSA -file /tmp/certs/vrolb.cr

Now reboot your appliance and you should not have any certificate related warnings on your vRO instance.
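
The following is an added example, not part of the original post: a few shell functions that check the CSR before it goes to the CA and check the returned certificate before the import step. It assumes openssl is installed where the files are inspected; the function names are illustrative and are not part of vRO or keytool.

```bash
# Added example: pre-flight checks with openssl (assumed to be installed).
# Function names are illustrative; they are not part of vRO or keytool.

# Run "openssl req" or "openssl x509" on a file that may be PEM or DER.
_ossl() {  # usage: _ossl req|x509 FILE [openssl options...]
    local sub="$1" file="$2"
    shift 2
    openssl "$sub" -in "$file" -inform PEM "$@" 2>/dev/null ||
        openssl "$sub" -in "$file" -inform DER "$@" 2>/dev/null
}

# Print the DNS SAN entries of a CSR (req) or certificate (x509), one per line.
san_dns_names() {  # usage: san_dns_names req|x509 FILE
    _ossl "$1" "$2" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2 | sort -u
}

# Print each expected name that is absent; succeed only if none is missing.
missing_sans() {  # usage: missing_sans req|x509 FILE name...
    local kind="$1" file="$2" have name rc=0
    shift 2
    have=$(san_dns_names "$kind" "$file")
    for name in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$name" || { echo "$name"; rc=1; }
    done
    return $rc
}

# Succeed only if the certificate carries the same public key as the CSR,
# i.e. the CA signed this request and not one made from another key pair.
same_public_key() {  # usage: same_public_key CSR CERT
    local a b
    a=$(_ossl req "$1" -noout -pubkey) || return 2
    b=$(_ossl x509 "$2" -noout -pubkey) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Run missing_sans req /tmp/certs/certreq.csr with the load balancer and node names before sending the CSR to the CA. Run same_public_key and missing_sans x509 on the returned certificate before importing it, so a mismatch is caught before the keystore is touched.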



