You create a CA certificate for the Mirage Gateway server using OpenSSL.
About this task
Linux is case sensitive.
Procedure
- Access the OpenSSL command prompt.
- Create a root CA certificate.
openssl req -newkey rsa:4096 -sha512 -days 9999 -x509 -nodes -out root.cer
- Create additional internal data used in the server.conf file.
touch certindex
echo 000a > certserial
echo 000a > crlnumber
- Generate a CA certificate request for the Mirage Gateway server and the Mirage server.
openssl req -newkey rsa:4096 -sha512 -nodes -out server.csr -keyout server.key -subj "/C=CN/ST=bj/L=bj/O=VMware/OU=EUC/CN=10.117.162.236"
The value for the CN variable must be the same as the FQDN or the IP address of the Mirage server specified during the Mirage server installation.
- Create a certificate for the Mirage Image Service Gateway server and the Mirage Image Service server.
openssl ca -batch -config server.conf -notext -in server.csr -out server.cer
- Convert the certificate for the Mirage Gateway server to .pem format.
cat server.key server.cer >GW.pem
- Convert the certificate for the Mirage server to .pfx format.
openssl pkcs12 -export -inkey server.key -in server.cer -out Server.pfx
Results
Import the certificate by using the Web console.