This section describes how to install an SSL certificate.

To install an SSL certificate:

  1. Login into the SD-WAN Orchestrator CLI console through SSH. If you configured the SD-WAN Orchestrator as described here, you should be able to log into the virtual machine with the user name vcadmin and password that you defined when you created the cloud-init ISO.
  2. Generate the SD-WAN Orchestrator private key.
    Note: Do not encrypt the key. It must remain unencrypted on the SD-WAN Orchestrator system.
    openssl genrsa -out server.key 2048
  3. Generate a certificate request. Customize -subj according to your organization information.
    openssl req -new -key server.key -out
    server.csr -subj "/C=US/ST=California/L=Mountain View/O=Velocloud Networks
    Description of Subject fields:
    Field Description
    C country
    ST state
    L locality (city)
    O company
    OU department (optional)
    CN SD-WAN Orchestrator fully qualified domain name
  4. Send server.csr to a Certificate Authority for signing. You should get back the SSL certificate (server.crt). Ensure that it is in the PEM format.
  5. Install the certificate (which requires root access). SD-WAN Orchestrator SSL certificates are located in /etc/nginx/velocloud/ssl/.
    cp server.key server.crt /etc/nginx/velocloud/ssl/
    chmod 600 /etc/nginx/velocloud/ssl/server.key
  6. Restart nginx.
    systemctl restart nginx