Increase OpenSSL certificate signing period in SDDC Manager.
search cancel

Increase OpenSSL certificate signing period in SDDC Manager.

book

Article ID: 381767

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Process of increasing the signing period for OpenSSL certificates. 

1. SSH into the SDDC Manager appliance with vcf and then elevate to root with su. 

2. Take a backup of the required files. 

cp -p /opt/vmware/vcf/operationsmanager/certificates/openssl-ca/openssl.conf /opt/vmware/vcf/operationsmanager/certificates/openssl-ca/openssl.conf-ORIG-$(date "+%m%d%Y-%s")

cp -p /opt/vmware/vcf/operationsmanager/certificates/openssl-ca/openssl.cnf /opt/vmware/vcf/operationsmanager/certificates/openssl-ca/openssl.cnf-ORIG-$(date "+%m%d%Y-%s")

3. Edit the two OpenSSL files configuration files with the desired expiry period. 

Modify the 'default_days =' value to the desired value. 

vi /opt/vmware/vcf/operationsmanager/certificates/openssl-ca/openssl.conf

vi /opt/vmware/vcf/operationsmanager/certificates/openssl-ca/openssl.cnf

4. Generate CSRs for the desired components in the SDDC Manager UI. 

Environment

VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x

Resolution

This functionality will be available via API in a future release of SDDC Manager. 

Powered by Wolken Software