openfiler ssl 설정 [관리자 admin]

<div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/3b68f8edd96be33c70f9ada3a1ab1b576de052cd" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/3b68f8edd96be33c70f9ada3a1ab1b576de052cd" data-origin-width="470" data-origin-height="95"></div><p style="text-align: start;"><b>Stop Openfiler service.</b></p><p style="text-align: start;"># Service Openfiler stop</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/c005628bec2e382f35a3802e44599c60b4febfbb" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/c005628bec2e382f35a3802e44599c60b4febfbb" data-origin-width="469" data-origin-height="51"></div><p>Generate the New SSL key from existing key.</p><p style="text-align: start;">#openssl genrsa -out ssl.key/openfiler-dummy-server-1.key 2048</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/908b78d43c8a831e0e969cd0789aaae2d0fcc364" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/908b78d43c8a831e0e969cd0789aaae2d0fcc364" data-origin-width="470" data-origin-height="66"></div><p>Generate CSR Request</p><p style="text-align: start;">#openssl req -new -key ssl.key/openfiler-dummy-server-1.key -out ssl.csr/openfiler-dummy-server-1.csr</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/aa925add6a993a6285c86c4b47980319895ea027" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/aa925add6a993a6285c86c4b47980319895ea027" data-origin-width="470" data-origin-height="166"></div><p style="text-align: start;"><b>Take the CSR file generated and get your certificate.</b></p><p style="text-align: start;">Login to SCP and copy the certificate request to CA Server<b> (192.168.150.2).</b></p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/366c5acc53861cc89b32d79ecd9dc66cd35a23cc" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/366c5acc53861cc89b32d79ecd9dc66cd35a23cc" data-origin-width="469" data-origin-height="279"></div><p style="text-align: start;">Go to “<b>/opt/Openfiler/etc/httpd/conf/ssl.csr” </b>on open filer machine and copy the cert to your CA Server<b>.</b></p><p style="text-align: start;">Use drag and drop for copy.</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/1c5ba2af39f24067cd6422f6d3f5d9b5686cc851" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/1c5ba2af39f24067cd6422f6d3f5d9b5686cc851" data-origin-width="470" data-origin-height="72"></div><p>Request the Certificate from Mircrosoft CA.</p><p style="text-align: start;">Log in to the Microsoft CA certificate authority web interface. By default, it is <a style="color: #0da4d3;" href="http://%3Cservername%3E/CertSrv/" target="_top" class="ke-link">http://<servername>/CertSrv/</a></p><p style="text-align: start;">Click <b>“Request a certificate”</b>.</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/752855a5c7daa6d4f663dbb6a78eb9872661f0ea" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/752855a5c7daa6d4f663dbb6a78eb9872661f0ea" data-origin-width="470" data-origin-height="176"></div><p style="text-align: start;">Click “<b>advanced certificate request</b>”.</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/de517878eddac8df2b22b193b38c89443bbe5136" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/de517878eddac8df2b22b193b38c89443bbe5136" data-origin-width="435" data-origin-height="183"></div><p style="text-align: start;">Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or<b> “submit a renewal request by using a base-64-encoded PKCS #7”</b> file.</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/a2f65555cd2164b4cbbaf59eb07cb3d049dd4e72" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/a2f65555cd2164b4cbbaf59eb07cb3d049dd4e72" data-origin-width="470" data-origin-height="90"></div><p style="text-align: start;">Open the certificate request (<b>openfiler-dummy-server-1.csr) </b>file in a plain text editor.</p><p style="text-align: start;">Copy from —–BEGIN CERTIFICATE REQUEST—– to —–END CERTIFICATE REQUEST—– into the Saved Request box. Make sure no blank space exists in the start and end.</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/a896d94c00c5771e70f567d4bf4be0464fd9a167" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/a896d94c00c5771e70f567d4bf4be0464fd9a167" data-origin-width="470" data-origin-height="315"></div><p style="text-align: start;">Click <b>“VMWare Template</b>” (which we created in CA Server installation section, if you don’t remember it.click <a style="color: #0da4d3;" href="https://vmexpo.wordpress.com/2014/05/02/cloud-lab-4-create-ssl-template-in-microsoft-ca-for-vmware-vsphere/" target="_blank" class="ke-link">here</a>.). </p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/45b0f87667bffe1c531443cf2a9b87319f917ba4" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/45b0f87667bffe1c531443cf2a9b87319f917ba4" data-origin-width="470" data-origin-height="451"></div><p style="text-align: start;">Click <b>“Submit” </b>to submit the request.</p><p style="text-align: start;">Click “<b>Base 64 encoded</b>” on the Certificate issued screen.</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/c0dab0679ee1660b8b14af5e39a5308b1fc56029" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/c0dab0679ee1660b8b14af5e39a5308b1fc56029" data-origin-width="470" data-origin-height="200"></div><p style="text-align: start;">Click <b>“Download Certificate</b>”.</p><p style="text-align: start;"><b>*NOTE:</b> Save the certificate on the desktop or any other drive of the server as <b>“openfiler-dummy-server-1.crt”</b>*</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/688ee41fa0817c89b02ebcf532a03d49feacde45" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/688ee41fa0817c89b02ebcf532a03d49feacde45" data-origin-width="469" data-origin-height="58"></div><p>Install the Newly Signed Certificate in openfiler</p><p style="text-align: start;">Now copy your signed certificate back to Openfiler machine.</p><p style="text-align: start;">Use <b>“WinSCP”</b> to login on openfiler. From WinSCP change directory <b>“/opt/Openfiler/etc/httpd/conf/ssl.crt” as shown below on right side windows</b></p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/86c75ac201099829a252b944fff118a5b928a732" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/86c75ac201099829a252b944fff118a5b928a732" data-origin-width="470" data-origin-height="96"></div><p style="text-align: start;"><b>*NOTE: </b>it’s not necessary to make the backup of orginal .crt file. But its already good practice to take backup before copy new one<b>*</b></p><p style="text-align: start;"><b> Start the Openfiler service</b></p><p style="text-align: start;"># Service Openfiler start</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/cb5cd07e02c85dccb8d152612ff27a51f10ee5f8" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/cb5cd07e02c85dccb8d152612ff27a51f10ee5f8" data-origin-width="470" data-origin-height="31"></div><p>Verify</p><p style="text-align: start;">Login to Openfiler web GUI (<b></b><b><a href="https://cloud-vsan.vmlab.com:446" target="_top" class="ke-link">https://cloud-vsan.vmlab.com:446</a></b>)</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1XYnU/cc4b66ba0544df29c77de1c0d605d61b7ac6c9a7" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1XYnU/cc4b66ba0544df29c77de1c0d605d61b7ac6c9a7" data-origin-width="470" data-origin-height="33"></div><p style="text-align: start;">You have noticed certificate warning is gone. See the yellow highlighted sign for trust CA.</p>