You will provide the NSX Manager and Super User Principal Identity certificates in Ops Manager while deploying the BOSH/PKS tiles.
To generate and register these certificates, see the following pages in the VMware PKS documentation:
Workaround:
Alternatively, use the following two scripts to generate the Super User Principal Identity certificate and private key and register the identity with NSX Manager:
- create_certificate.sh – Creates the certificate and private key and uploads the certificate to NSX Manager
- create_pi.sh – Creates the principal identity from the certificate and registers the identity with NSX Manager
NOTE: These scripts must be run on a Linux host with OpenSSL installed. In addition, the Linux host must be able to call the NSX Manager API. A good place to run these scripts is the PKS Client VM where the PKS CLI is installed.
- Download the scripts:
http://storage.googleapis.com/pks-releases/scripts/create_certificate.sh
http://storage.googleapis.com/pks-releases/scripts/create_pi.sh
- Log into a Linux VM in your PKS environment, such as the PKS Client VM.
- Run the following command to create an empty file for the first script: nano create_certificate.sh
- Copy the contents of the create_certificate.sh script you downloaded to the new file you created.
- Update the values for the first two lines to match your environment:
- NSX_MANAGER_IP – IP address of the NSX Manager host
- NSX_MANAGER_USERNAME – Username for NSX Manager
- Save the script and run it using the following command: bash create_certificate.sh
- When prompted, enter the NSX_MANAGER_PASSWORD for the NSX user you provided in the script.
- Verify results: the certificate and private key are generated; the certificate is uploaded to the NSX Manager and the CERTIFICATE_ID value is returned to the console. You need this ID for the second script.
- Run the following command to create an empty file for the second script: nano create_pi.sh
- Copy the contents of the create_pi.sh script you downloaded to the new file you created.
- Update the values for the first three lines to match your environment.
- NSX_MANAGER_IP – IP address of the NSX Manager host
- NSX_MANAGER_USERNAME – Username for NSX Manager
- CERTIFICATE_ID – Returned from the create_certificate.sh script
- Save the script and run it using the following command: bash create_pi.sh
- When prompted, enter the NSX_MANAGER_PASSWORD for the NSX user you provided in the script.
- During configuration of PKS, copy/paste the contents of the certificate and private key to the NSX Manager Super User Principal Identity Certificate fields in the Networking tab of the PKS tile.
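Before pasting the certificate and private key into the PKS tile, you can confirm that the two files belong together, that the certificate has not expired, and that the private key is readable by its owner only. The function below is an added example, not part of the VMware scripts; the file paths are arguments because the names written by create_certificate.sh are not given on this page, and it assumes PEM files and an unencrypted key.

```shell
# Added example. Usage: check_pi_material <certificate.pem> <private-key.pem>
# Assumptions: both files are PEM, the key has no passphrase, GNU stat (Linux host).
check_pi_material() {
    cert="$1"; key="$2"; rc=0

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "ERROR: certificate or key file is missing or unreadable" >&2
        return 2
    fi

    # 1. The public key in the certificate must equal the one derived from the
    #    private key; a mismatched pair cannot authenticate as the principal identity.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "ERROR: could not parse certificate or key (passphrase-protected key?)" >&2
        return 2
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not belong to this certificate" >&2
        rc=1
    fi

    # 2. The certificate must not be past its expiry date.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired" >&2
        rc=1
    fi

    # 3. The superuser private key should carry no group or world permissions.
    perms=$(stat -c %a "$key")
    case "$perms" in
        *00) ;;
        *) echo "FAIL: $key has mode $perms; run chmod 600 on it" >&2; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: certificate and key match, not expired, key mode $perms"
    return "$rc"
}
```

The function returns 0 when all three checks pass, 1 when a check fails, and 2 when a file cannot be read or parsed.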