Archive for August, 2011

Building the Site Out

0

We are builiding the site out a bit.  There are now seperate blogs for Main, How To, Rants, VCP5, and VMworld.  I have built a “Virtualization Masters” links menu off to the side so you can navigate between the blogs easily.  There is also a Profiles menu with pages for Paul, Scott, and I.  These will get populated soon.

Installing a SSL Certificate to Juniper Security Design vGW appliance

0

I would first like to start off saying that if you are not familiar with Linux, this one can be a bit of a pain the first time around. I eventually had to contact Juniper support to get the details on this and even they had a little trouble.

1) You will need to have to either SSH into the appliance or have console access. The preferred method would be to use SSH because the VMware console of the machine limits how much of previous commands you can see. Login to the appliance and type “advanced”.

2) Create a Key store and Private Key. This will be done using a Linux utility called “keytool”. You will be asked to provide passwords; Juniper suggests always using “altoraltor”

$JAVA_HOME/bin/keytool -genkey -alias “Name of Alias” -keyalg “Algorithm Type” -keysize “Size of Key” -keystore “Name of Key store”.jks
Example

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore test.jks

3) Generate a CSR

/usr/lib/jvm/sun-java-6u11/jre/bin/keytool -certreq -keyalg “Algorithm Type” -alias “Name of Alias” -keysize “Size of key”-file “Name of CSR”.csr -keystore “Name of Key store”.jks

Example

/usr/lib/jvm/sun-java-6u11/jre/bin/keytool -certreq -keyalg RSA -alias tomcat -keysize 2048 -file test.csr -keystore test.jks

4) Retrieve a certificate from your Certificate of Authority. Make sure to download the chain. With a Microsoft CA this ends up being a .PB7 file.

6) If you end up with a Microsoft Chain in PB7 format, right click the file and open with “Crypto Shell Extensions”. From here you should be able to right click the CA/Sub-CA Certs and export them.

5) Use WinSCP or FastSCP to copy the certificate and CA/Sub-CA Certs to the same location as the key store file.

6) Install the SSL Certs into the key store

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias “Name of Alias” -keystore “Name of keystore”.jks -file “certificate name”.cer

**Keep in mind that you must install the CA/Sub-CA certs before you can install the SSL Cert for the device, or you will get errors about the chain**

Example

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file CA.cer

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file Sub-CA.cer

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file test.cer

7) Gain sudo access

sudo su

8 ) Transfer the key store file (jks) to /var/lib/altor/cert

scp /usr/bin/jvm/sun-java-6u11/jre/bin/”Name of Keystore”.jks /var/lib/altor/cert/”Name of Keystore”.jks

Example

scp /usr/bin/jvm/sun-java-6u11/jre/bin/test.jks /var/lib/altor/cert/test.jks

9) Delete the public_keystore file

rm public_keystore

10) Copy Key store (jks) you created to public_keystore

cp “Name of Key store”.jks public_keystore

Example

cp test.jks public_keystore

11) Change ownership and permissions on public_keystore

chown tomcat public_keystore

chgrp tomcat public_keystore

12) Restart the Tomcat Service

god restart tomcat

Documenting Virtual Infrastructure with Visio

0

Within the past couple of months we have had two major crashes of our virtual infrastructure.  After the first crash we made some changes and moved our production vCenter servers to a management vCenter on separate hosts and our test vCenter servers to our View vCenter and our View vCenter servers to our production vCenter.  This allowed for a lot of separation of our vCenter’s, but also a lot to keep track of when our second crash occurred and we had to figure out where everything was located to start bringing up guests.
So I decided to make a nice diagram to keep in our data center to make things a little clearer on what our infrastructure looks like.  I found some cool Visio stencils for VMware here http://communities.vmware.com/docs/DOC-11498

 

I have not used them yet but I will keep you posted on how my diagram comes out.

 

NM vBeers August 18th @ Second Street Brewery in Santa Fe

0

Come join us for this months vBeers. EMC sponsering us this month. Looke below for details.

http://www.vbeers.org/2011/08/09/vbeers-santa-fe-new-mexico-thu-18th-august/

VMUG New Mexico

0

Dont forget the New Mexico VMUG meeting at 725 St. Michaels Santa Fe on 8/11/11  11:00 – 3:00.

 

Sponsored by Veam-

Virtualization Masters is Up!

0

Welcome to Virtualization Masters.  The Site is up and in the next few days you will start seeing Posts from Me(Jon Harris), Paul McQuaid, and Scott Seifert.  Now you enjoy.

Go to Top