Today I had an unfortunate power outage at my home, therefore my lab was shutdown inadvertently. After powering up my systems again some Ubiquiti devices which were registered with my Unifi Controller had the disconnected status, even though I was able to ping them. After some reboots, and re-adoptions I didn’t get them online. (more…)
Currently i’m running my home lab environment on three physical Intel NUC devices. ESXi 6.5 is installed on each one of the NUCs and they are running a vSAN cluster (two M2 SSD inside each NUC, one for cache and the other for the capacity tier). Each NUC comes with 32 GB memory and a Intel(R) Core(TM) i5-6260U CPU @ 1.80GHz installed as well. Due to the fact that the Intel NUCs are just not flexible enough for me to test certain scenarios I decided to expand my existing lab environment.
How to replace the self-signed certificate from vRealize Network Insight by a custom-cert from your own internal CA.
- Installed OpenSSL on Windows (http://gnuwin32.sourceforge.net/packages/openssl.htm)
- ESXi host with SSH enabled and reachable from the Network Insight Platform VM
- Filezilla client
Procedure to create CSR with SAN (Windows)
- Login into server where you have OpenSSL installed (or download it here)
- Go to the directory where openssl is located (on Windows)
- Create a file named sancert.cnf with the following information
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (NL) stateOrProvinceName = State or Province Name (ZH) localityName = Locality Name (AADR) organizationName = Organization Name (WGE) commonName = Common Name (e.g. server FQDN) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = sslcert.wesleygeelhoed.nl DNS.2 = dns2.com DNS.3 = dns3.com
* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…
- Save the file and execute following OpenSSL command, which will generate CSR and KEY file
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf
This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!