Generate self-signed certificates on the Orchestrator VM and establish a secure connection with the server.
Create a bash script and run the script to generate the self-signed certificates.
Prerequisites
You must know the IP address of the Orchestrator and Mega-POP VMs.
Procedure
- Create a bash script cert-gen.sh with the following information:
#!/bin/bash
IP1=$1
IP2=$2
echo "setting san with $IP1 $IP2"
# Install the JDK, which provides keytool
yum install java-1.8.0-openjdk-devel -y
## creating jenkins home
mkdir -p /data/jenkins
mkdir -p /data/vcps/config/jenkins
# Remove the output of any previous run
rm -f /data/vcps/config/cert.jks /data/vcps/config/jenkins/cert /data/vcps/config/jenkins/pk_rsa /data/vcps/config/jenkins/pk /opt/keystore.p12 /opt/root.crt
# Generate a self-signed RSA 2048-bit key pair with both IP addresses in the SAN
keytool -keystore /data/vcps/config/cert.jks -storetype JKS -storepass passwd -genkey -keyalg RSA -validity 360 -keysize 2048 -alias http -ext "san=ip:$IP1,ip:$IP2" -dname "CN=*.eng.vmware.com, OU=eng, O=vmware.com, L=Palo Alto, S=California, C=US"
# Export the certificate (DER) and convert it to PEM
keytool -export -storepass passwd -alias http -keystore /data/vcps/config/cert.jks -file /opt/root.crt
openssl x509 -inform der -in /opt/root.crt -out /data/vcps/config/jenkins/cert
# Convert the keystore to PKCS12 and extract the private key unencrypted (-nodes)
keytool -importkeystore -srckeystore /data/vcps/config/cert.jks -srcstorepass passwd -destkeystore /opt/keystore.p12 -deststorepass passwd -deststoretype PKCS12
openssl pkcs12 -in /opt/keystore.p12 -nodes -nocerts -out /data/vcps/config/jenkins/pk -password pass:passwd
openssl rsa -in /data/vcps/config/jenkins/pk -out /data/vcps/config/jenkins/pk_rsa
# Print the certificate and confirm that the SAN lists both IP addresses
cat /data/vcps/config/jenkins/cert | openssl x509 -noout -text
cat /data/vcps/config/jenkins/cert | openssl x509 -noout -text | grep IP
# Publish the certificate under the Jenkins userContent directory
rm -f /data/jenkins/userContent/jenkins.pem
cp /data/vcps/config/jenkins/cert /data/jenkins/userContent/jenkins.pem
echo 'done cert generation'
- Run this script at the command prompt with the IP address of the Orchestrator and Mega-POP VMs as the input parameters:
./cert-gen.sh $ORCH_IP $MEGAPOP_VM
Note: If you saved the cert-gen.sh file in Windows, you may get the following error when you run this script:
Error: /bin/bash^M: bad interpreter: No such file or directory
To resolve this error, strip the carriage returns that Windows line endings add by running the following command: sed -i -e 's/\r$//' cert-gen.sh
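The following check is an added example, not part of the original procedure or the product: it confirms that the PEM certificate written by cert-gen.sh lists both IP addresses in its SAN, that pk_rsa is the matching private key, and that the unencrypted key file is not readable by group or others. The function names and the file name verify-cert.sh are assumptions; the paths in the usage comment are the ones cert-gen.sh writes.

```bash
#!/bin/bash
# Added example: post-run checks for the files cert-gen.sh writes.
# Function names are illustrative and not part of the product.

# List the IP entries in a PEM certificate's subjectAltName, one per line.
san_ips() {
    openssl x509 -in "$1" -noout -text |
        grep -o 'IP Address:[0-9A-Fa-f.:]*' | cut -d: -f2-
}

# Succeed if the certificate and the private key carry the same public key.
key_matches_cert() {
    kc_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    kc_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$kc_cert" ] && [ "$kc_cert" = "$kc_key" ]
}

# Succeed if the key file grants no access to group or others
# (pk and pk_rsa are written unencrypted by the -nodes export).
key_mode_ok() {
    km_mode=$(stat -c '%a' "$1") || return 1   # GNU stat (Linux)
    case "$km_mode" in *00) return 0 ;; *) return 1 ;; esac
}

# verify_cert_gen CERT KEY IP...
# Reports each failed check on stderr; returns non-zero if any check fails.
verify_cert_gen() {
    vc_cert=$1; vc_key=$2; shift 2; vc_rc=0
    for vc_ip in "$@"; do
        san_ips "$vc_cert" | grep -Fxq "$vc_ip" ||
            { echo "SAN is missing IP $vc_ip" >&2; vc_rc=1; }
    done
    key_matches_cert "$vc_cert" "$vc_key" ||
        { echo "private key does not match certificate" >&2; vc_rc=1; }
    key_mode_ok "$vc_key" ||
        { echo "$vc_key is readable by group or others" >&2; vc_rc=1; }
    return $vc_rc
}

# Usage on the Orchestrator VM after cert-gen.sh has finished:
#   ./verify-cert.sh /data/vcps/config/jenkins/cert \
#       /data/vcps/config/jenkins/pk_rsa "$ORCH_IP" "$MEGAPOP_VM"
if [ "$#" -ge 3 ]; then
    verify_cert_gen "$@"
fi
```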