Wednesday, December 20, 2006

 

Getting NLB CAG SSL Cert

Changing the Name of the CAGs
You will need to use an external CSR generator to achieve this such as OPENSSL.

From an OPENSSL prompt, type;
openssl genrsa -out domainname.key 1024
openssl req -new -key domainname.key -out domainname.csr
You will be prompted to fill out information. Please enter the information correctly.
When it asks you to enter in “YOUR NAME”, enter in the FQDN of the device, (ie, connect.chop.edu)

You have now generated a new SSL Certificate Request file with the new domain name. The contents of this file are what need to be submitted to the Certificate Authority.

When you get the signed certificate back from the Certificate Authority, create a new UNICODE text file with an extension of .crt.
In this text file, copy and paste the contents of the domainname.key file.
Then copy and paste the contents of the signed certificate file.
Your end file should look like this;
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

From the CAG Admin console, upload the file you just created to the CAG using the “Upload a .pem private key and signed certificate” option
Restart the CAG.
Ensure that the CAG is configured to use the new name as its external FQDN on the General Networking page.


Please keep all of these files under tight control. If someone was able to obtain these files they would be able to spoof and or hijack the organization on the Internet.

This page is powered by Blogger. Isn't yours?