Summary:
These tasks are necessary when the CloudCenter Orchestrator (CCO) appliance is required to communicate with ecosystem products but cannot do so without the trusted SSL root/intermediate certificate (*.crt/*.cer) provided by a CA. Without this cert, the CCO will receive an error stating that the server certificate received is not trusted. Usually root certificate is present in the certificate bundle provided by your SSL service provider along with intermediate and server certificates. Here I assume that you have already obtained the certificate(s) to be installed onto the CCO.
Logging on to the CloudCenter Orchestrator (CCO):
The following are sample methods of authenticating to a CCO image provided by Cisco
|
vCenter | OVA | root | welcome2cliqr |
Amazon AWS | AMI | centos | N/A *key pair required |
OpenStack | QCOW | root | N/A *key pair required |
MetaCloud | RAW (converted from QCOW) | root | welcome2cliqr or key pair |
Editing the properties files:
- Step 1: Install the ca-certificates package
command | yum install -y ca-certificates |
- Step 2: Enable the dynamic CA configuration feature
command | update-ca-trust force-enable |
- Step 3: Convert the *.cer file into *.pem format (assuming the original is named cert.cer)
command | openssl x509 -inform der -in cert.cer -out cert.pem |
- Step 4: Place the *.pem file(s) into the /etc/pki/ca-trust/source/anchors directory (assuming the source directory is /tmp)
command | cp /tmp/cert.pem /etc/pki/ca-trust/source/anchors |
- Step 5: Add the certificates
command | update-ca-trust extract |