Step 1 |
On the menu bar, choose Administrative > Security.
|
Step 2 |
In the Work pane, click on Certificate Authorities tab and then click on the Actions drop-down and select Create Certificate Authority.
|
Step 3 |
In the Create Certificate Authority dialog box, in the Name field, enter a name for the certificate authority and in the Description field, enter a description.
|
Step 4 |
Select System in the Used for field.
|
Step 5 |
In the Certificate Chain field, copy the intermediate and root certificates for the certificate authority that will sign the Certificate Signing Request
(CSR) for the Cloud Application Policy Infrastructure Controller (Cloud APIC). The certificate should be in Base64 encoded
X.509 (CER) format. The intermediate certificate is placed before the root CA certificate. It should look similar to the following
example:
-----BEGIN CERTIFICATE-----
<Intermediate Certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Root CA Certificate>
-----END CERTIFICATE-----
|
Step 6 |
Click Save.
|
Step 7 |
On the menu bar, choose Administrative > Security.
|
Step 8 |
In the Work pane, click on the Key Rings tab, then click on the Actions drop-down and select Create Key Ring.
|
Step 9 |
In the Create Key Ring dialog box, enter a name for the key ring in the Name field and a description in the Description field.
|
Step 10 |
Select System in the Used for field.
|
Step 11 |
For the Certificate Authority field, click on Select Certificate Authorityand select the Certificate Authority that you created earlier.
|
Step 12 |
Select either Generate New Key or Import Existing Key for the field Private Key. If you select Import Existing Key, enter a private key in the Private Key text box.
|
Step 13 |
Select modulus from the Modulus drop-down. menu
|
Step 14 |
In the Certificate field, do not add any content.
|
Step 15 |
Click Save.
In the Work pane, in the Key Rings area, the Admin State for the key ring created displays Started.
|
Step 16 |
Double-click on the created Key Ring to open Key Ring
key_ring_name dialog box from the Work pane.
|
Step 17 |
In the Work pane, click on Create Certificate Request.
|
Step 18 |
In the Subject field, enter the fully qualified domain name (FQDN) of the Cloud APIC.
|
Step 19 |
Fill in the remaining fields as appropriate.
|
Step 20 |
Click Save.
The Key Ring
key_ring_name dialog box appears.
|
Step 21 |
Copy the contents from the field Request to submit to the Certificate Authority for signing.
|
Step 22 |
From the Key Ring
key_ring_name dialog box, click on edit icon to display the Key Ring
key_ring_name dialog box.
|
Step 23 |
In the Certificate field, paste the signed certificate that you received from the certificate authority.
|
Step 24 |
Click Save to return to the Key Rings work pane.
The key is verified, and in the Work pane, the Admin State changes to Completed and is now ready for use in the HTTPs policy.
|
Step 25 |
Navigate to Infrastructure > System Configuration, then click the Management Access tab.
|
Step 26 |
Click the edit icon on the HTTPS work pane to display the HTTPS Settings dialog box.
|
Step 27 |
Click on Admin Key Ring and associate the Key Ring that you created earlier.
|
Step 28 |
Click Save.
All web servers restart. The certificate is activated, and the non-default key ring is associated with HTTPS access.
|