Currently i’m running my home lab environment on three physical Intel NUC devices. ESXi 6.5 is installed on each one of the NUCs and they are running a vSAN cluster (two M2 SSD inside each NUC, one for cache and the other for the capacity tier). Each NUC comes with 32 GB memory and a Intel(R) Core(TM) i5-6260U CPU @ 1.80GHz installed as well. Due to the fact that the Intel NUCs are just not flexible enough for me to test certain scenarios I decided to expand my existing lab environment.
How to replace the self-signed certificate from vRealize Network Insight by a custom-cert from your own internal CA.
- Installed OpenSSL on Windows (http://gnuwin32.sourceforge.net/packages/openssl.htm)
- ESXi host with SSH enabled and reachable from the Network Insight Platform VM
- Filezilla client
Procedure to create CSR with SAN (Windows)
- Login into server where you have OpenSSL installed (or download it here)
- Go to the directory where openssl is located (on Windows)
- Create a file named sancert.cnf with the following information
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (NL) stateOrProvinceName = State or Province Name (ZH) localityName = Locality Name (AADR) organizationName = Organization Name (WGE) commonName = Common Name (e.g. server FQDN) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = sslcert.wesleygeelhoed.nl DNS.2 = dns2.com DNS.3 = dns3.com
* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…
- Save the file and execute following OpenSSL command, which will generate CSR and KEY file
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf
This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!