Requesting Certificates for vCAC 6.1

I deployed a Load Balanced vCAC 6.1 deployment. I needed to create CA Signed Certificates for both of my appliances that would also serve the load balanced name.

So in order to create a certificate request for the appliance, I installed OpenSSL on a Windows box. This will create a folder called C:\OpenSSL\bin where an openssl.exe application can be run from the command line. Once OpenSSL is installed we can start to crack on with the certificate request. I will start with the Identity Appliance certificate as it is the easiest one, and I am not Load Balancing the Identity Appliance.

Copy and Paste the text below into Notepad:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vcacia, IP:, DNS:vcacia.ccrashers.local
[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = Chester
localityName = Cheshire
0.organizationName = Demo
organizationalUnitName = CCrashers
commonName = vcacia.ccrashers.local

Now change the information in red above to match your requirements, then create a folder, save the file in it and call it vcacia.cfg, e.g. C:\certs\vcac\idapp\vcacia.cfg

Now create the request using the OpenSSL command below. This command creates the CSR file (which is the actual request) and the key file (which needs to be copied to the Identity Appliance GUI).

openssl req -new -nodes -out C:\certs\vCAC\idapp\vcacia.csr -keyout C:\certs\vCAC\idapp\vcaciakey.key -config C:\certs\vCAC\idapp\vcacia.cfg

You now have the CSR file and Key file you need.
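A pre-flight check for the request config, useful before running the openssl command above: it flags SAN entries left blank, a commonName that is not repeated as a SAN DNS entry, and any name the certificate must serve (such as a load balanced name) that is missing. This is an added example, not code from the original post; the function name lint_request_config and the example.local host names are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample in the layout used above: blank IP entry, short name missing.
SAMPLE_CFG = """\
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ v3_req ]
subjectAltName = DNS:vcac-lb.example.local, IP:, DNS:vcacva01.example.local
[ req_distinguished_name ]
commonName = vcacva01.example.local
"""

def lint_request_config(text, required_names=()):
    """Return a list of problems found in an OpenSSL request config."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                      # keep key case (commonName)
    cp.read_string(text)
    cfg = {s.strip(): dict(cp[s]) for s in cp.sections()}  # "[ req ]" -> "req"
    problems = []
    req = cfg.get("req", {})
    if int(req.get("default_bits", "0")) < 2048:
        problems.append("default_bits below 2048")
    ext = cfg.get(req.get("req_extensions", ""), {})
    dn = cfg.get(req.get("distinguished_name", ""), {})
    dns_names = set()
    for entry in ext.get("subjectAltName", "").split(","):
        kind, _, value = entry.strip().partition(":")
        value = value.strip()
        if not value:                         # placeholder never filled in
            problems.append(f"empty SAN entry: {kind}:")
        elif kind == "DNS":
            dns_names.add(value.lower())
        elif kind == "IP":
            try:
                ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"invalid SAN IP: {value}")
    cn = dn.get("commonName", "").lower()
    for name in [cn, *required_names]:        # CN plus every name clients will use
        if name.lower() not in dns_names:
            problems.append(f"name not in SAN DNS entries: {name}")
    return problems

if __name__ == "__main__":
    for p in lint_request_config(SAMPLE_CFG, ["vcac-lb.example.local", "vcacva01"]):
        print("WARN", p)
```

To check a real file, pass its contents, e.g. `lint_request_config(open(path).read(), [...])`, with the names clients will connect to.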

Please note when I started this blog the company I was working for didn’t use a Windows CA, and therefore I realised there were some steps missing for users with a Windows CA. I have since found this excellent article with all of the steps required so rather than plagiarise someone else’s work, here is the link:

The steps in the article above are essentially what I followed.
