Installing certificate on Nutanix Prism

Generating and Installing certificate on Nutanix Prism is easy depending on whether you’re going to generate a self-signed certificate or import one from your Certificate Authority.

Below are the highlight of the steps for generating and installing certificate on Nutanix followed by the details.

  • Generate Certificate request (.CSR) and Private key (.KEY) using OpenSSL utility
  • Generate certificate using CA
  • Convert Chain certificate from .P7B to .CER
  • Import the Certificate, chain certificate and the key in Nutanix.

Download OpenSSL

  • Download OpenSSL on one of the systems, does not matter which one it is. Download URL
  • Unzip the package and place it under the root drive. For Example: D:\OpenSSL
  • Launch the command prompt with elevated privilege and navigate to \OpenSSL\bin folder
  • Run the following command:
    Set OPENSSL_CONF=D:\OpenSSL\bin\openssl.cnf

clip_image002

General Certificate Request

  • In the command prompt, under the same \OpenSSL\bin folder
  • Run the following command to generate .CSR and .KEY files
    openssl req -out Request.csr –new -newkey rsa:2048 -nodes -keyout Private.key

The above command will ask you details and create a certificate request file Request.key and a private key file Private.key. You can change the key size from 2048 to your requirement. Click on the screenshot below to view the larger image.

clip_image002[5]

Generate Certificate

  • You can open the Request.csr file in notepad and copy its content or give this file to your security or PKI team to generate a certificate.
  • Download the certificate in Base64 format and also download the CA certificate chain as well.
  • After this you should have 2 more files: .CER and .P7B

Convert Chain certificate from .P7B to .CER

Nutanix will not accept the chain certificate in .p7b format. We will use the OpenSSL utility again to convert

  • In the command prompt again, under the bin folder, run the following command:
    openssl pkcs7 -print_certs -in ChainCert.P7B -out ChainCert.CER

The command requires you to specify the chain certificate file (ChainCert.P7B) and the desired output file name (ChainCert.Cer).

clip_image002[7]

Import the certificate files

  • Login to Nutanix Prism web console
  • Click on the SSL Certificate option on top right

clip_image002[9]

  • Choose the option Import Key and Certificate and click on Apply.

clip_image002[12]

  • Choose the appropriate option for PRIVATE KEY TYPE (RSA 2048 bit)
  • Browse under each category and upload the files we generated in the previous steps.
    • Private Key — Private.Key file
    • Public Certificate — CertNew.CER file
    • CA Certification Chain — ChainCert.CER

clip_image002[14]