Hi all,
I am currently implementing SSL certificates in my environment and wasn't clear on one of the initial steps configuring openssl.cfg - http://kb.vmware.com/kb/2015387.
The instructions are clear, but I have the following questions;
- Should I use the actual host name or the DNS name (ie. hostname.domain.com or dnsalias.domain.com) - what are the implications?
- What needs to change in this line "organizationalUnitName = vCenterInventoryService"
This is the reference configuration;
Note: Replace the highlighted code with details of the server that you are configuring.
[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vc50, DNS:10.0.0.10, DNS:vc50.vmware.com
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = NY
localityName = New York
0.organizationName = VMWare
organizationalUnitName = vCenterInventoryService
commonName = vc50.vmware.com
Thanks,
Jon