
How to go back to self-signed certificate on Virtual Connect?

 
chuckk281
Trusted Contributor

Holger had an interesting customer question:

 

***************

 

A customer has uploaded their own SSL certificate to the Virtual Connect.

This certificate has expired and he would like to go back to the initial self-signed certificate (which he did not back up earlier).

 

Does someone know how this can be done?

Any documentation I can find does not explain anything about recreating the initial self-signed certificate.

 

**************

 

Input from Chris:

 

*****************

 

VC Manager doesn't support recreating SSL Signed Certs within the WebUI or CLI.  However, you can create a new SSL Cert Request, and use it instead.  I should note that I haven't tried it myself, but it should work.  You can refer to this site for more info on creating an Apache Self-Signed Certificate:  http://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html

 

**************

 

Any other help or suggestions?

 

Holger
New Member

Re: How to go back to self-signed certificate on Virtual Connect?

Here's the solution (many thanks to Reiner Rottmann!)

 

One does need a freshly set up Certificate Authority (CA) and a freshly created self-signed 4096-bit certificate.

1)
$ openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................++
............................................................................++
e is 65537 (0x10001)


2)
$ openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:


3a)
$ ls
ca.crt  ca.key


3b)
$ cat ca.crt
-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----


4)
$ cat > vc.csr <<CSR
-----BEGIN CERTIFICATE REQUEST-----

...

-----END CERTIFICATE REQUEST-----
CSR


5)
$ openssl x509 -req -days 3650 -in vc.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out vc.crt
Signature ok
subject=/O=Hewlett-Packard/OU=Virtual Connect Manager/CN=<IP-Adress>
Getting CA Private Key


$ cat vc.crt
-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

6)
$ scp vc.crt root@host:/var/ftp/pub

$ ssh Administrator@vc
Password:
Last login: Fri May 18 14:26:38 2012 from IP-Adress
-------------------------------------------------------------------------------
HP Virtual Connect Management CLI v3.18
Build: 3.18-3 (r46087) Apr  1 2011 17:45:49
(C) Copyright 2006-2011 Hewlett-Packard Development Company, L.P.
All Rights Reserved
-------------------------------------------------------------------------------

6a)
->load ssl-certificate Address=ftp://anonymous:no@<IP-adress> Filename=/pub/vc.crt
SUCCESS: SSL certificate transferred and applied

6b)
->show ssl-certificate
=============================================================
Serial Number  Issuer             Subject
=============================================================
01             :customer   IP-Adress:Virtual
                                  Connect
                                  Manager:Hewlett-Packard
-------------------------------------------------------------
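
An added example, not part of Holger's post or HP's documentation: steps 1 to 5 run without the interactive prompts, followed by checks to run on vc.crt before step 6 (chain to the new CA, public key matching the CSR, remaining lifetime). The CA subject, the 192.0.2.10 address and the stand-in CSR are constructed; on a real system vc.csr is the request pasted in at step 4.

```shell
#!/bin/sh
# Added example, not from the thread: steps 1-5 without prompts, plus checks
# to run on vc.crt before uploading it. Subject values below are constructed.

make_ca() {            # usage: make_ca DIR [BITS]   (steps 1 and 2)
  ( umask 077; openssl genrsa -out "$1/ca.key" "${2:-4096}" 2>/dev/null ) &&
  openssl req -new -x509 -days 1826 -key "$1/ca.key" \
    -subj "/O=Example Org/CN=Example VC CA" -out "$1/ca.crt"
}

make_standin_csr() {   # stand-in for step 4; the real vc.csr is the pasted request
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/standin.key" \
    -subj "/O=Hewlett-Packard/OU=Virtual Connect Manager/CN=192.0.2.10" \
    -out "$1/vc.csr" 2>/dev/null
}

sign_csr() {           # usage: sign_csr DIR [DAYS]  (step 5)
  openssl x509 -req -days "${2:-3650}" -in "$1/vc.csr" -CA "$1/ca.crt" \
    -CAkey "$1/ca.key" -set_serial 01 -out "$1/vc.crt" 2>/dev/null
}

check_cert() {         # usage: check_cert DIR [MIN_DAYS]; prints ok or the failed check
  openssl verify -CAfile "$1/ca.crt" "$1/vc.crt" >/dev/null 2>&1 ||
    { echo "chain"; return 1; }
  # The issued certificate must carry the public key from the CSR.
  [ "$(openssl req -in "$1/vc.csr" -noout -pubkey)" = \
    "$(openssl x509 -in "$1/vc.crt" -noout -pubkey)" ] ||
    { echo "pubkey"; return 1; }
  # -checkend N fails if the certificate expires within N seconds.
  openssl x509 -in "$1/vc.crt" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null ||
    { echo "expiry"; return 1; }
  echo "ok"
}

demo() {               # full run in a scratch directory; prints ok on success
  d=$(mktemp -d) && make_ca "$d" && make_standin_csr "$d" && sign_csr "$d" &&
    check_cert "$d"; rc=$?
  rm -rf "$d"; return $rc
}
demo
```

Running check_cert periodically against the installed certificate, with a larger MIN_DAYS, gives advance notice of the expiry that prompted this thread.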