We are builiding the site out a bit. There are now seperate blogs for Main, How To, Rants, VCP5, and VMworld. I have built a “Virtualization Masters” links menu off to the side so you can navigate between the blogs easily. There is also a Profiles menu with pages for Paul, Scott, and I. These will get populated soon.
I would first like to start off saying that if you are not familiar with Linux, this one can be a bit of a pain the first time around. I eventually had to contact Juniper support to get the details on this and even they had a little trouble.
1) You will need to have to either SSH into the appliance or have console access. The preferred method would be to use SSH because the VMware console of the machine limits how much of previous commands you can see. Login to the appliance and type “advanced”.
2) Create a Key store and Private Key. This will be done using a Linux utility called “keytool”. You will be asked to provide passwords; Juniper suggests always using “altoraltor”
$JAVA_HOME/bin/keytool -genkey -alias “Name of Alias” -keyalg “Algorithm Type” -keysize “Size of Key” -keystore “Name of Key store”.jks
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore test.jks
3) Generate a CSR
/usr/lib/jvm/sun-java-6u11/jre/bin/keytool -certreq -keyalg “Algorithm Type” -alias “Name of Alias” -keysize “Size of key”-file “Name of CSR”.csr -keystore “Name of Key store”.jks
/usr/lib/jvm/sun-java-6u11/jre/bin/keytool -certreq -keyalg RSA -alias tomcat -keysize 2048 -file test.csr -keystore test.jks
4) Retrieve a certificate from your Certificate of Authority. Make sure to download the chain. With a Microsoft CA this ends up being a .PB7 file.
6) If you end up with a Microsoft Chain in PB7 format, right click the file and open with “Crypto Shell Extensions”. From here you should be able to right click the CA/Sub-CA Certs and export them.
5) Use WinSCP or FastSCP to copy the certificate and CA/Sub-CA Certs to the same location as the key store file.
6) Install the SSL Certs into the key store
/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias “Name of Alias” -keystore “Name of keystore”.jks -file “certificate name”.cer
**Keep in mind that you must install the CA/Sub-CA certs before you can install the SSL Cert for the device, or you will get errors about the chain**
/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file CA.cer
/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file Sub-CA.cer
/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file test.cer
7) Gain sudo access
8 ) Transfer the key store file (jks) to /var/lib/altor/cert
scp /usr/bin/jvm/sun-java-6u11/jre/bin/”Name of Keystore”.jks /var/lib/altor/cert/”Name of Keystore”.jks
scp /usr/bin/jvm/sun-java-6u11/jre/bin/test.jks /var/lib/altor/cert/test.jks
9) Delete the public_keystore file
10) Copy Key store (jks) you created to public_keystore
cp “Name of Key store”.jks public_keystore
cp test.jks public_keystore
11) Change ownership and permissions on public_keystore
chown tomcat public_keystore
chgrp tomcat public_keystore
12) Restart the Tomcat Service
god restart tomcat
Within the past couple of months we have had two major crashes of our virtual infrastructure. After the first crash we made some changes and moved our production vCenter servers to a management vCenter on separate hosts and our test vCenter servers to our View vCenter and our View vCenter servers to our production vCenter. This allowed for a lot of separation of our vCenter’s, but also a lot to keep track of when our second crash occurred and we had to figure out where everything was located to start bringing up guests.
So I decided to make a nice diagram to keep in our data center to make things a little clearer on what our infrastructure looks like. I found some cool Visio stencils for VMware here http://communities.vmware.com/docs/DOC-11498
I have not used them yet but I will keep you posted on how my diagram comes out.
Come join us for this months vBeers. EMC sponsering us this month. Looke below for details.