Akiyoshi Kawaguchi
Cisco Employee

This document explains how to update the self-signed certificate on HyperFlex.
This operation does not impact the HyperFlex service.

     

    1. Access the SCVM

    SSH to the SCVM that holds the cluster IP of the management network.

     

    2. Create a new certificate

    Run the following command. In this example, the new certificate will be valid for 3650 days.

    hxshell:~$ openssl req -newkey rsa:2048 -nodes -keyout /tmp/server.key -x509 -days 3650 -out /tmp/server.crt
    Generating a RSA private key
    .....
    ......................
    writing new private key to '/tmp/server.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:CA
    Locality Name (eg, city) []:San Jose
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cisco Systems, Inc.
    Organizational Unit Name (eg, section) []:HyperFlex
    Common Name (e.g. server FQDN or YOUR name) []:XXXXX.cisco.com
    Email Address []:XXXXX@cisco.local

     

    Confirm that a CRT file and a KEY file have been created.

    hxshell:~$ ls -l /tmp/server*
    -rw-r--r-- 1 admin springpath 1452 Mar 10 11:25 /tmp/server.crt
    -rw-r--r-- 1 admin springpath 1704 Mar 10 11:25 /tmp/server.key

     

     

    3. Activate the new certificate

    Run the script "certificate_import_input.sh". The script performs the following actions:

    - Copies the new certificate to all SCVMs.
    - Restarts the nginx service.
    - Re-registers the HX cluster with vCenter.

    hxshell:~$ cd /usr/share/springpath/storfs-misc/hx-scripts/
    hxshell:/usr/share/springpath/storfs-misc/hx-scripts$ certificate_import_input.sh
    Enter the path for the key: /tmp/server.key
    Enter the path for the certificate in crt format: /tmp/server.crt
    Successfully installed certificate
    The cluster needs to be re-registered with vCenter for the certificate import to be completed.
    Do you want to continue with re-registration? (y/n): y
    Enter vCenter username (user@domain): administrator@vsphere.local
    Enter vCenter Password:
    Trying to retrieve vCenter information ....
    Cluster re-registration in progress ....
    Cluster re-registered successfully with vCenter !!

     

     

    4. Confirm the new certificate

    Confirm that the validity period shown on the certificate has been updated.

    [Screenshot: cert.png]
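
The checks below are an added example, not part of the original article or of Cisco's scripts: they verify the pair from step 2 before `certificate_import_input.sh` is run and print a SHA-256 fingerprint to compare with the certificate shown in step 4. The function names and the `hx-example.invalid` sample subject are assumptions of this example; only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example: pre-import checks for the key/certificate pair from step 2.

# Succeeds when the certificate's public key is the one derived from the private key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid N days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# SHA-256 fingerprint, for comparison with the certificate viewed in step 4.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample pair (throwaway subject): same options as step 2 plus -subj.
# umask 077 keeps the key owner-readable only; the listing in step 2 shows 0644.
make_sample_pair() {
    ( umask 077
      openssl req -newkey rsa:2048 -nodes -keyout "$1/server.key" -x509 \
          -days 3650 -subj "/CN=hx-example.invalid" -out "$1/server.crt" 2>/dev/null )
}

# Run all checks; prints the fingerprint on success.
precheck() {
    cert_matches_key "$1" "$2" || { echo "key does not match certificate"; return 1; }
    cert_valid_in_days "$1" 30 || { echo "certificate expires within 30 days"; return 1; }
    echo "OK sha256=$(cert_fingerprint "$1")"
}

# Usage: sh precheck.sh /tmp/server.crt /tmp/server.key
if [ "$#" -eq 2 ]; then precheck "$1" "$2"; fi
```

After the import, remove the copies left in /tmp or restrict them with `chmod 600`, since the private key there is readable by other local users.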

     

     

    Related Document:
    Cisco HX Data Platform Security Hardening Guide
