Generate CA Signed Certificate for vRO cluster

If you need a CA-signed SSL certificate for your vRO server cluster, use the following steps to obtain one.

  1. Delete the existing self-signed vRO certificate.
    keytool -delete -alias dunes -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "dunesdunes"

    Note: With vRO 7, the password for the certificate store has changed. It is generated dynamically at first boot and stored in the file “/var/lib/vco/keystore.password”; use that value in place of dunesdunes in the commands here.

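The next step is to generate a new key pair and a certificate signing request (CSR) for the certificate. keytool accepts only one command per invocation, so the key pair and the CSR are created in two steps.

keytool -genkey -keystore /etc/vco/app-server/security/jssecacerts -storepass dunesdunes -alias dunes -keypass dunesdunes -keyalg RSA -sigalg SHA512withRSA -keysize 2048 -dname "CN=vrolb.domain.local, OU=IT, O=My Company, L=city, ST=state, C=IN" -ext SAN="DNS:vrolb.domain.local,DNS:vro01.domain.local,DNS:vro02.domain.local"

keytool -certreq -keystore /etc/vco/app-server/security/jssecacerts -storepass dunesdunes -alias dunes -keypass dunesdunes -sigalg SHA512withRSA -ext SAN="DNS:vrolb.domain.local,DNS:vro01.domain.local,DNS:vro02.domain.local" -file /tmp/certs/certreq.csr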

cat /tmp/certs/certreq.csr

Once you have the .csr file, ask the CA server administrator to sign the CSR and return the certificate file to you.

Note: While saving the CSR, it needs to be saved in DER format.

Once you get the certificate file, rename the extension to .crt and copy it to the csr folder.

Next, run the following command to install the certificate on the vRO appliance.


keytool -keystore /etc/vco/app-server/security/jssecacerts -storepass dunesdunes -alias dunes -import -keypass dunesdunes -sigalg SHA256withRSA -file /tmp/certs/vrolb.cr

Now reboot your appliance; you should no longer see any certificate-related warnings on your vRO instance.
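
A check worth running on the CSR before it goes to the CA, and again on the returned certificate before the import: confirm that the load balancer name and both node names appear as SAN entries. This is an added example, not part of the original post; the function name missing_sans and the embedded sample output are constructed here, and it assumes keytool's usual "DNSName:" listing format.

```shell
#!/bin/sh
# Added example (not from the original post). missing_sans reads the text
# printed by `keytool -printcertreq` or `keytool -printcert` on stdin and
# prints each required host name that is not listed as a DNSName SAN.
# Returns 0 when every name is covered, 1 otherwise.
missing_sans() {
    out=$(cat)
    rc=0
    for name in "$@"; do
        # Only DNSName lines inside the SubjectAlternativeName [ ... ] block count.
        if ! printf '%s\n' "$out" | awk -v want="$name" '
            /SubjectAlternativeName \[/ { in_san = 1; next }
            in_san && /^[ \t]*\]/       { in_san = 0 }
            in_san && $1 == "DNSName:" && tolower($2) == tolower(want) { found = 1 }
            END { exit !found }'
        then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of keytool output, so the example runs offline.
SAMPLE_KEYTOOL_OUTPUT=$(cat <<'EOF'
Owner: CN=vrolb.domain.local, OU=IT, O=My Company, L=city, ST=state, C=IN
Extensions:

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: vrolb.domain.local
  DNSName: vro01.domain.local
  DNSName: vro02.domain.local
]
EOF
)

# On the appliance, pipe the real output instead:
#   keytool -printcertreq -file /tmp/certs/certreq.csr | missing_sans vrolb.domain.local ...
printf '%s\n' "$SAMPLE_KEYTOOL_OUTPUT" |
    missing_sans vrolb.domain.local vro01.domain.local vro02.domain.local &&
    echo "all required names are present as SAN entries"
```

Any name the function prints is one that clients connecting to that host would see a certificate name mismatch for, so resolve it with the CA before importing.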




