The first step is to generate the CSR, which will be displayed on the screen and can be copied into the Certificate Authority (CA) to request the certificate.
Note: Avoid using CTRL+C
, as the terminal may log out.
CSR Creation on Controller A
create certificate-signing-request subject "/C=US/ST=NY/L=NewYork/O=ExampleCorp/OU=IT/CN=pvm-controllerA.example.com" extensions "/subjectAltName=DNS:pvm-controllerA.example.com,DNS:pvm-controllerA,DNS:pvm-controllerB.example.com,DNS:pvm-controllerB"
CSR Creation on Controller B
create certificate-signing-request subject "/C=US/ST=NY/L=NewYork/O=ExampleCorp/OU=IT/CN=pvm-controllerB.example.com" extensions "/subjectAltName=DNS:pvm-controllerB.example.com,DNS:pvm-controllerB,DNS:pvm-controllerA.example.com,DNS:pvm-controllerA"
Upload Procedure via SFTP
Use a Linux system with the necessary certificates.
Perform the operation on the controllers one at a time, restarting the service on each controller after completing the operation.
Connection to Controller A
sftp -P 1022 Admin@pvm-controllerA.example.com
Upload the certificates:
put controllerA.cer cert-file:usr
put RootCA_Example.cer cert-file:trust
Activate the certificates and restart the service:
activate certificate service web usr_cert_a
restart mc a full
Connection to Controller B
After Controller A is fully operational, repeat the procedure for Controller B:
sftp -P 1022 Admin@pvm-controllerB.example.com
Upload the certificates:
put controllerB.cer cert-file:usr
put RootCA_Example.cer cert-file:trust
Activate the certificates and restart the service:
activate certificate service web usr_cert_b
restart mc b full
Removing Certificates
If needed, remove the certificates from the controllers using the following commands:
remove certificate usr_cert_a
remove certificate usr_cert_b
Note: This procedure includes Subject Alternative Names (SANs) for both controllers, ensuring a seamless configuration even after restarts.