Are you so allergic towards OpenSSL for generating CSRs ?
Do you always prefer GUI over commandline and looking an alternate for CSR generation without OpenSSL?
Then this blog post is absolutely for you !
XCA portable is a GUI based free tool used to generate Key pair and CSR for your SSL reaplcement activities !
Download Link: https://hohnstaedt.de/xca/index.php/download
Execution Steps:
- Extract the tool and locate the executable – XCA.exe
- Right click the executable and select “Run as administrator”
- Once the application is opened, create new database by selecting “File — > New database”
- Provide a complex password and ensure to store is somewhere safe.
- This password will be used to open the database at any time.
- Select “Private Keys” tab and Click on “New Key”
- Provide the key name respective to each product listed in previous step. Leave the rest to default.
- To create CSR, select the “Certificate Signing Requests” tab. Select “New Request”.
A new Pop-up Window opens.
- In the Pop-up window, ensure that the Signature algorithm is set to “SHA256”
- Click on Subject tab. Fill all the required details provided. Ensure that the private key is appropriately selected for each product.
- Now navigate to “Extensions” tab to provide the alternative names as we use load balancer in our environment. Click Edit
- Click OK to generate the CSR. Export CSR using “Export” option available in the main menu.
Validating your CSR:
- Ensure that all CSR are properly exported and named accordingly for each product.
- Navigate to the below link and check your CSR.
https://ssltools.digicert.com/checker/views/csrCheck.jsp
- Copy paste your CSR and click “Check your CSR”
You are now all set to go ! Start replacing SSL certs for every vSphere product and tighten your security !
Replacing SSL Certificates in a Clustered- Multi vCD Environment behind NSX loadbalancer
Replacing SSL Certificates in VMware vRealize Log Insight with Integrated Load balancer
virtuSolve 