Generate self-signed certificates on the Orchestrator VM and establish a secure connection with the server.

Create a bash script and run the script to generate the self-signed certificates.


You must know the IP address of the Orchestrator and Mega-POP VMs.


  1. Create a bash script with the following information:
    echo "setting san with " $IP1 $IP2
    #Setting certificate
    yum install java-1.8.0-openjdk-devel -y
    ## creating jenkins home
    mkdir -p /data/jenkins
    mkdir -p /data/vcps/config/jenkins
    rm -f /data/vcps/config/cert.jks  /data/vcps/config/jenkins/cert /data/vcps/config/jenkins/pk_rsa  /data/vcps/config/jenkins/pk /opt/keystore.p12  /opt/root.crt
    keytool -keystore /data/vcps/config/cert.jks -storetype JKS -storepass passwd -genkey -keyalg RSA -validity 360 -keysize 2048 -alias http -ext san=ip:$IP1,ip:$IP2 -dname "CN=*, OU=eng,, L=Palo Alto S=California C=US"
    keytool -export -storepass passwd -alias http -keystore /data/vcps/config/cert.jks -file /opt/root.crt
    openssl x509 -inform der -in /opt/root.crt -out /data/vcps/config/jenkins/cert
    keytool -importkeystore -srckeystore /data/vcps/config/cert.jks -srcstorepass passwd  -destkeystore /opt/keystore.p12 -deststorepass passwd -deststoretype PKCS12
    openssl pkcs12 -in /opt/keystore.p12 -nodes  -nocerts -out /data/vcps/config/jenkins/pk -password pass:passwd
    openssl rsa -in  /data/vcps/config/jenkins/pk -out /data/vcps/config/jenkins/pk_rsa
    cat /data/vcps/config/jenkins/cert | openssl x509 -noout -text
    cat /data/vcps/config/jenkins/cert | openssl x509 -noout -text  | grep IP
    rm -f /data/jenkins/userContent/jenkins.pem
    cp /data/vcps/config/jenkins/cert /data/jenkins/userContent/jenkins.pem
    echo 'done cert generation'
  2. Run this script at the command prompt with the IP address of the Orchestrator and Mega-POP VMs as the input parameters:
    Note: If you saved the file in Windows, you may get the following error when you run this script: Error: /bin/bash^M: bad interpreter: No such file or directory

    To resolve this error, run the following command: sed -i -e `s/\r$//`