This section describes how to install an SSL certificate.
To install an SSL certificate:
- Login into the SASE Orchestrator CLI console through SSH. If you configured the SASE Orchestrator as described here, you should be able to log into the virtual machine with the user name
vcadmin
and password that you defined when you created the cloud-init ISO. - Generate the SASE Orchestrator private key.
Note: Do not encrypt the key. It must remain unencrypted on the SASE Orchestrator system.
openssl genrsa -out server.key 2048
- Generate a certificate request. Customize
-subj
according to your organization information.openssl req -new -key server.key -out server.csr -subj "/C=US/ST=California/L=Mountain View/O=Velocloud Networks Inc./OU=Development/CN=vco.velocloud.net"
Description of Subject fields:Field Description C country ST state L locality (city) O company OU department (optional) CN SASE Orchestrator fully qualified domain name - Send server.csr to a Certificate Authority for signing. You should get back the SSL certificate (server.crt). Ensure that it is in the PEM format.
- Install the certificate (which requires root access). SASE Orchestrator SSL certificates are located in /etc/nginx/velocloud/ssl/.
cp server.key server.crt /etc/nginx/velocloud/ssl/ chmod 600 /etc/nginx/velocloud/ssl/server.key
- Restart nginx.
systemctl restart nginx