
Resxtop Ssl


This procedure allows a student in a vSphere 5.1 class to get resxtop working in the vMA with self-signed SSL certificates.

Task 1 – Create a Certificate for your ESXi hosts

1. Download the generateSSLSelfSignCert.sh script from http://communities.vmware.com/docs/DOC-21142 and save it to your Desktop.

2. Use winscp to transfer the script to your vMA virtual machine and save it to the home directory of vi-admin:

   1. From the Desktop system, launch winscp.
   2. Enter the vMA host name and user and password (see Lab 1 in your lab configuration sheet for the vMA system name, user and password).
   3. Click Login.
   4. In the left panel, browse to your local desktop.
   5. Drag and drop the generateSSLSelfSignCert.sh script from the left panel to the right panel. Choose "Copy" when prompted.

3. Log in to your vMA using putty. Create a file, listServers, which contains your two ESXi host names:

   1. At the command line, type in the following:

          cat > listServers <<EOF
          esxi01.vclass.local
          esxi02.vclass.local
          EOF

4. Generate new certificates for your ESXi hosts:

   1. Make the script executable:

          chmod 555 generateSSLSelfSignCert.sh

   2. Execute the script:

          ./generateSSLSelfSignCert.sh listServers

5. Now copy the two new certificates to your ESXi hosts:

       scp ssl-certs/esxi01/rui* [email protected]:/etc/vmware/ssl
       scp ssl-certs/esxi02/rui* [email protected]:/etc/vmware/ssl

6. Restart the rhttpproxy service on both ESXi hosts:

       ssh [email protected] "/etc/init.d/rhttpproxy restart"
       ssh [email protected] "/etc/init.d/rhttpproxy restart"


7. After restarting the service, your hosts will disconnect from vCenter. Log in to the vSphere client, right click on the hosts and select "Connect". The connection will fail with a digital certificate verification error, but you will be prompted to enter the root password. Go ahead and accept the new certificate. Accept the defaults on all other screens and reconnect your hosts.

   1. If your host has not automatically disconnected, disconnect it now.
      1. Right click on your host and select Disconnect.
   2. Right click on your host and select Connect. Click Yes when prompted to reconnect.
   3. Click Close when you get the error about the SSL certificate verification failure.
   4. When prompted, enter the root user and password for your ESXi host.
   5. Accept the new certificate.
   6. Accept all the defaults on the remaining steps and click Finish.

8. Update the vMA environment to use the new keys.

   1. First make a backup of the .bashrc file:

          cp .bashrc .bashrc.bak

   2. Next, append two lines to the .bashrc file:

          cat >> .bashrc << EOF
          export HTTPS_CA_DIR=/home/vi-admin/ssl-certs
          export HTTPS_CA_FILE=/home/vi-admin/ssl-certs/cacert.pem
          EOF

   3. Now reload the current shell environment:

          . .bashrc

9. Test your setup:

       vifptarget -s esxi01
       resxtop
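
Before step 5 copies rui* to the hosts and step 6 restarts rhttpproxy, it is worth confirming that each generated certificate verifies against cacert.pem and matches its private key. The shell functions below are an added example, not part of the original procedure or of generateSSLSelfSignCert.sh; the file names rui.crt and rui.key (the page only writes rui*) and the function names check_host_cert and check_all are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original lab. Assumed layout:
#   ssl-certs/cacert.pem  and  ssl-certs/<host>/rui.crt + rui.key

# check_host_cert DIR CAFILE
# Returns 0 if all checks pass, 1 if a check fails, 2 if a file is missing.
check_host_cert() {
    dir=$1
    ca=$2
    crt="$dir/rui.crt"
    key="$dir/rui.key"
    for f in "$crt" "$key" "$ca"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # 1. The certificate must chain to the CA that HTTPS_CA_FILE will name.
    #    Match the "OK" line instead of relying on the exit status alone.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "$crt: does not verify against $ca" >&2; return 1; }

    # 2. The private key must belong to the certificate (same public key).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "$key: does not match $crt" >&2; return 1; }

    # 3. The certificate must still be valid 24 hours from now.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "$crt: expired or expiring within a day" >&2; return 1; }
    return 0
}

# check_all BASE: run the checks for every host directory under BASE.
check_all() {
    base=$1
    rc=0
    for d in "$base"/*/; do
        [ -f "${d}rui.crt" ] || continue
        if check_host_cert "${d%/}" "$base/cacert.pem"; then
            echo "OK   ${d%/}"
        else
            echo "FAIL ${d%/}"
            rc=1
        fi
    done
    return $rc
}
```

Run `check_all ssl-certs` from the vi-admin home directory after step 4; any FAIL line means that host's files should be regenerated rather than copied.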