- Use scp to copy the usagemeter.key and usagemeter.crt files to the /tmp directory of the appliance: $ scp usagemeter.crt usagemeter.key usagemeter@<umhostname>:/tmp
If this does not work you will first need to enable ssh for your appliance.
- Log on to the usage meter appliance and change directory to the usage meter config files directory. Please log in using the ‘usagemeter’ account, not the ‘root’ account. These instructions that follow will not work (because of file ownership and permissions issues) if you run them as root.
$ ssh usagemeter@<umhostname>
$ cd /opt/vmware/cloudusagemetering/conf
- Create directories to hold your signed certificate and private key files:
$ mkdir nginx
$ mkdir nginx/ssl
- Move the key and certificate files from the /tmp directory (where you copied them with scp in step 1) to these new directories
$ mv /tmp/usagemeter.crt nginx/ssl
$ mv /tmp/usagemeter.key nginx/ssl
- Set restrictive permissions on these two files:
$ chmod 600 nginx/ssl/*
- Make a backup copy of the nginx.conf file in case this procedure fails and you need to revert to the self-signed certificate:
$ cp nginx.conf nginx.conf.bak
- Use vi or another editor to edit the nginx.conf file. Near the bottom of the file you will see two lines that look like this:
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
You need to edit those lines to read as follows:
ssl_certificate nginx/ssl/usagemeter.crt;
ssl_certificate_key nginx/ssl/usagemeter.key;
Note that nginx.conf is a read-only file. If you edit with vi, you will need to save and quit with :wq! If you use a different editor you may need to first change the file permissions with chmod, then edit and save and then restore the file permissions with chmod.
- Reboot the usage meter appliance to restart the web server. If you know the root password for the appliance, you can reboot like this:
$ su
# reboot
If you don’t have the root password, then reboot (or power off/power on) the appliance from vCenter.
- After waiting a minute for the appliance to reboot, you can verify that this procedure worked by connecting to the usage meter appliance with a web browser. Use whatever hostname or IP address you specified as the “common name” in your Certificate Signing Request. Use the https protocol and port number 8443, for a URL like https://<hostname>:8443. You should not see any security warnings and your browser should display a padlock or similar icon to indicate that you have established a secure connection.