This section describes how to install an SSL certificate.

To install an SSL certificate:

1. Login into the SD-WAN Orchestrator CLI console through SSH. If you configured the SD-WAN Orchestrator as described here, you should be able to log into the virtual machine with the user name vcadmin and password that you defined when you created the cloud-init ISO.
2. Generate the SD-WAN Orchestrator private key.
   Note: Do not encrypt the key. It must remain unencrypted on the SD-WAN Orchestrator system.

   openssl genrsa -out server.key 2048

3. Generate a certificate request. Customize -subj according to your organization information.

   openssl req -new -key server.key -out
   server.csr -subj "/C=US/ST=California/L=Mountain View/O=Velocloud Networks
   Inc./OU=Development/CN=vco.velocloud.net"

   Description of Subject fields:

   Field	Description
   C	country
   ST	state
   L	locality (city)
   O	company
   OU	department (optional)
   CN	SD-WAN Orchestrator fully qualified domain name

4. Send server.csr to a Certificate Authority for signing. You should get back the SSL certificate (server.crt). Ensure that it is in the PEM format.
5. Install the certificate (which requires root access). SD-WAN Orchestrator SSL certificates are located in /etc/nginx/velocloud/ssl/.

   cp server.key server.crt /etc/nginx/velocloud/ssl/
   chmod 600 /etc/nginx/velocloud/ssl/server.key

6. Restart nginx.

   systemctl restart nginx