cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How to trust an additional CA on the CloudCenter Orchestrator appliance

815
Views
1
Helpful
0
Comments

Summary:


These tasks are necessary when the CloudCenter Orchestrator (CCO) appliance is required to communicate with ecosystem products but cannot do so without the trusted SSL root/intermediate certificate (*.crt/*.cer) provided by a CA. Without this cert, the CCO will receive an error stating that the server certificate received is not trusted. Usually root certificate is present in the certificate bundle provided by your SSL service provider along with intermediate and server certificates. Here I assume that you have already obtained the certificate(s) to be installed onto the CCO.

Logging on to the CloudCenter Orchestrator (CCO):


The following are sample methods of authenticating to a CCO image provided by Cisco

IaaS
FormatUsernamePassword
vCenterOVArootwelcome2cliqr
Amazon AWSAMIcentosN/A  *key pair required
OpenStackQCOWrootN/A  *key pair required
MetaCloudRAW (converted from QCOW)rootwelcome2cliqr or key pair

Editing the properties files:

  • Step 1: Install the ca-certificates package
    • commandyum install -y ca-certificates
  • Step 2: Enable the dynamic CA configuration feature
    • commandupdate-ca-trust force-enable
  • Step 3: Convert the *.cer file into *.pem format (assuming the original is named cert.cer)
    • commandopenssl x509 -inform der -in cert.cer -out cert.pem
  • Step 4: Place the *.pem file(s) into the /etc/pki/ca-trust/source/anchors directory (assuming the source directory is /tmp)
    • commandcp /tmp/cert.pem /etc/pki/ca-trust/source/anchors
  • Step 5: Add the certificates
    • commandupdate-ca-trust extract
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.