Generating and installing a certificate on Nutanix Prism is easy; the exact steps depend on whether you are going to generate a self-signed certificate or import one from your Certificate Authority.
Below are the highlights of the steps for generating and installing a certificate on Nutanix, followed by the details.
- Generate Certificate request (.CSR) and Private key (.KEY) using OpenSSL utility
- Generate certificate using CA
- Convert Chain certificate from .P7B to .CER
- Import the Certificate, chain certificate and the key in Nutanix.
- Download OpenSSL on any one of your systems; it does not matter which one.
- Unzip the package and place it under the root of a drive. For example: D:\OpenSSL
- Launch the command prompt with elevated privileges and navigate to the \OpenSSL\bin folder
- Run the following command:
Generate Certificate Request
- In the command prompt, under the same \OpenSSL\bin folder
- Run the following command to generate .CSR and .KEY files
openssl req -out Request.csr -new -newkey rsa:2048 -nodes -keyout Private.key
The above command will prompt you for the certificate details and create a certificate request file, Request.csr, and a private key file, Private.key. Because of the -nodes option, Private.key is written without passphrase protection. You can change the key size from 2048 to suit your requirements.
- You can open the Request.csr file in Notepad and copy its content, or give this file to your security or PKI team to generate a certificate.
- Download the certificate in Base64 format, and download the CA certificate chain as well.
- After this you should have 2 more files: .CER and .P7B
Convert Chain certificate from .P7B to .CER
Nutanix will not accept the chain certificate in .p7b format. We will use the OpenSSL utility again to convert it.
- In the command prompt again, under the bin folder, run the following command:
openssl pkcs7 -print_certs -in ChainCert.P7B -out ChainCert.CER
The command requires you to specify the chain certificate file (ChainCert.P7B) and the desired output file name (ChainCert.CER).
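At this point all three files exist, so they can be checked against each other before anything is uploaded. The following is an added example, not part of the original article: a POSIX shell function (the name check_prism_files is hypothetical) that confirms the issued certificate belongs to Private.key and validates against the converted chain. It assumes the chain file contains the full chain including the root CA; the openssl subcommands are the same ones available in the Windows build.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_prism_files is a hypothetical helper name.
# Assumption: the chain file holds the full chain, including the root CA.

check_prism_files() {
    key=$1; cert=$2; chain=$3

    # Public key derived from the private key (fails on an unreadable key).
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key"; return 2; }

    # Public key embedded in the issued certificate (Base64/PEM expected).
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate (is it Base64?): $cert"; return 2; }

    # The certificate must belong to this private key.
    if [ "$kpub" != "$cpub" ]; then
        echo "certificate does not match private key"; return 1
    fi

    # The converted chain must hold at least one PEM certificate.
    n=$(grep -c 'BEGIN CERTIFICATE' "$chain" 2>/dev/null) || n=0
    if [ "$n" -eq 0 ]; then
        echo "no PEM certificates in chain file: $chain"; return 3
    fi

    # The chain must validate the issued certificate.
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 || {
        echo "certificate does not verify against chain"; return 3; }

    echo "OK: key, certificate and chain ($n CA certificates) are consistent"
}

# Usage: sh check.sh Private.key CertNew.CER ChainCert.CER
if [ "$#" -eq 3 ]; then
    check_prism_files "$@"
fi
```

Return code 1 means the certificate was issued for a different key, 2 means a file could not be parsed, and 3 means the chain file is empty or does not validate the certificate.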
Import the certificate files
- Log in to the Nutanix Prism web console
- Click on the SSL Certificate option at the top right
- Choose the option Import Key and Certificate and click on Apply.
- Choose the appropriate option for PRIVATE KEY TYPE (RSA 2048 bit)
- Browse under each category and upload the files we generated in the previous steps.
- Private Key — Private.key file
- Public Certificate — CertNew.CER file
- CA Certification Chain — ChainCert.CER