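# Create a private CA on the NetScaler.
# All keys are 2048-bit RSA: 1024-bit RSA is no longer considered adequate,
# and current clients and public CAs reject it.
# The CA key can sign a certificate for any name that clients of this CA trust,
# so restrict access to /nsconfig/ssl and to backups that contain it.
create ssl rsakey ops-ca.key 2048
create ssl certreq ops-ca.csr -keyfile ops-ca.key
create ssl cert ops-ca.crt ops-ca.csr ROOT_CERT -keyfile ops-ca.key
# Seed the CA serial-number file. The full path is given so the file lands next
# to the CA files whatever the shell's working directory is; the signing
# command for the web server CSRs below reads it from /nsconfig/ssl.
shell
echo '01' > /nsconfig/ssl/ops-ca-serial.srl
exit
# Create a server cert for the NetScaler (for testing, if required)
create ssl rsakey ops-vip.key 2048
create ssl certreq ops-vip.csr -keyfile ops-vip.key
# -CAserial must name the serial file created above (ops-ca-serial.srl); the
# original notes pointed at serial.srl, which is never created.
create ssl cert ops-vip.crt ops-vip.csr SRVR_CERT -CAcert ops-ca.crt -CAkey ops-ca.key -CAserial ops-ca-serial.srl
# Create the key and CSR on the apache web servers (run there, not on the NetScaler).
# The private key stays on the web server; only the CSR is copied off the box.
# The key is passphrase-protected, here with AES-256 instead of 3DES.
openssl genrsa -aes256 -out server.key 2048
openssl req -new -key server.key -out opswebserver_01.csr
# Copy the CSR back to the NetScaler.
# Sign the CSRs from the web servers with the CA created on the NetScaler.
create ssl cert /nsconfig/ssl/opswebserver_01.crt /nsconfig/ssl/opswebserver_01.csr SRVR_CERT -CAcert /nsconfig/ssl/ops-ca.crt -CAkey /nsconfig/ssl/ops-ca.key -CAserial /nsconfig/ssl/ops-ca-serial.srl
# Copy the crt back to the apache server, put it in the appropriate place and edit ssl.conf.
# Add the in-memory cert object that holds the SSL server certificate information for SSL handshakes.
add ssl certkey ops-certkey -cert ops-vip.crt -key ops-vip.key
# Bind the certkey to a vserver. The second argument is the certkey object
# created above (ops-certkey), not the key file name. Use -service instead of
# -vserver when binding to a service.
bind ssl certkey Ops_VIP ops-certkey -vserver
# Don't forget to copy all files in /nsconfig/ssl to the second NetScaler.
# That directory holds private keys, including the CA key, so use an encrypted
# transfer such as scp and keep the same file permissions on the destination.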
Final Key
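# Create a new CSR for the production certificate.
# NOTE(review): the steps shown never create opsportal.someurl.com.key; it must
# already exist in /nsconfig/ssl. Generate it with at least 2048 bits, because
# public CAs do not sign shorter RSA keys.
create ssl certreq opsportal.someurl.com.csr -keyfile opsportal.someurl.com.key
# Copy the key file to the second NetScaler over an encrypted channel such as scp.
#passphrase: xxxxx
# Keep the real passphrase in a password vault, never in this runbook or a ticket.
# Submit the CSR to Verisign.
# Copy the Verisign cert into a text file.
# Copy the cert file to both NetScalers.
# Create the certkey on the NetScaler.
# NOTE(review): the -cert file is spelled ops-portal... while the key and CSR
# are opsportal...; use the exact name the cert file was saved under.
# NOTE(review): if the key is passphrase-protected, this command presumably
# also needs the passphrase supplied (-password) - confirm on your build.
add ssl certKey portal.cert -cert ops-portal.someurl.com.crt -key opsportal.someurl.com.key
# Add the Verisign intermediate cert.
add ssl certkey vrisgn.intmed.cert -cert /nsconfig/ssl/verisign.intermediate.cert.crt
# Link the intermediate cert to portal.cert so the full chain is sent in the handshake.
link ssl certkey portal.cert vrisgn.intmed.cert
# Bind the certkey to the vserver. The second argument is the certkey object
# (portal.cert), not the key file name.
# NOTE(review): the test section spells the vserver Ops_VIP; use its exact name.
bind ssl certkey ops_vip portal.cert -vserver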