You can replace the default certificates with custom certificates as per the organization policy and practice to enforce the standard compliance and security practices. To replace a certificate, generate a certificate signing request as per the guidance from your organization or by using the steps described in this section. You may want to get the certificate signed by certificate authority and replace the certificates for the VMware Skyline Health Diagnostics appliance.

Prerequisites

  • Verify that you have root user credentials for the VMware Skyline Health Diagnostics appliance.

  • For more information about enabling the root user log in to the VMware Photon OS, see: https://vmware.github.io/Photon/assets/files/html/3.0/Photon_troubleshoot/permitting-root-login-with-ssh.html (This configuration is not necessary for the VMware Skyline Health Diagnostics appliance as by default it is configured to allow root user log in through SSH).

  • Verify that you can log in using root credentials to the VMware Skyline Health Diagnostics appliance console.

Procedure

  1. Open the Skyline Health Diagnostics appliance console using the VMware vSphere client or Secure Shell (SSH) client.
  2. Log in as root user.
  3. To navigate to the root directory, run the command cd /.
  4. Create a directory under the root folder on the VMware Skyline Health Diagnostics appliance, run the command mkdir newcert.
  5. Change the working directory to the new directory, run the command cd newcert.
  6. Copy the configuration file to the present location, run the command cp /opt/vmware-shd/vmware-shd/conf/ssl/conf ./..
  7. Edit the configuration as required,
    1. Edit the configuration file using vi editor, by using vi conf.
    2. Match your organization details, edit the [req_distinguished_name ] section.
    3. Set the entries for commonName and DNS.1 to match the FQDN of the appliance.
  8. Generate a new certificate signing request, run the command openssl req -new -config conf -newkey rsa:2048 -nodes -keyout rui.key -out rui.csr.

    Key and certificate signing request (CSR) files are created in the current directory. (rui.csr, rui.key).

  9. Use the rui.csr file for signing request from the certificate authority.

Results

The certificate signing request is generated.

What to do next

Send the certificate signing request file rui.csr to your certificate authority for signing.