How to import The Third-Party certificate to manageiq


#1

Hi everyone,
These days I try to find a way to import the Third-Party Certificate to manageiq, but I can’t find a
way which can import it from the website, I use the ova file deploy the manageiq system to vmware, from the console, it just show me the 14 items and also can’t import the certificate, so is there someone can help me on this, thanks in advance!


#2

@dclarizio can you review this question from @victor and forward to a SME if necessary.


#3

Hi Victor,

If you are trying to use custom certificates instead of the self-signed one, then the method I use is the following:

  1. Replace the certificate and key in /var/www/miq/vmdb/certs
  2. Stop the EVM process
  3. Start the EVM process

In terms of certificates, I use a chained certificate containing the CA and the server certificate.

I’m not sure if this is “the best way to go” but it works :slight_smile:

Regards,
Joseph.


#4

Hi Joseph,
Thanks for your kindly reply.I try to find the path which you mentioned, but unfortunately my manageiq is deployed by the ova template, which can be downloaded from the website of manageiq, in this template, when I login with consol, it only show me 14 items.


Please give me a hand, thanks very much!


#5

Victor,

Which version are you running and which user account are you using to log into the appliance?
I’ve tested with Capablanca-2 and Darga-Beta and when I log in with root account I drop into a standard shell and not the appliance console.

If I want to start the appliance_console, I have to start it actually.

Regards,
Joseph.


#6

Hi Joseph,
The EVM version is botvinnik-1 and the login account is “admin”,and managiq is used to manage the vms which are created in vmware platform, so do I need to upgrade the version of manageiq? Thanks!


#7

Hi Victor,

I’m not sure about the botvinnik version as I don’t have one around to play with.
I think you should try to login with root rather than admin.
On Capablanca and Darga the password is “smartvm” by default.

Regards,
Joseph.


#8

Hi Joseph,
Thanks for your great help, now I download and deployed Capablanca-2, and can drop into shell,
I think this is caused by the manageiq’s version, mine is a old one.
For import certificate, would you please guide me step by step, in actually I am a new user of linux and manageiq, thanks in advance!:slight_smile:

Regards,
Victor


#9

Victor,

I’m not a proficient user either but here’s what I’ve done.

  1. Create new certificate issued by a trusted authority (either internal or external)
  2. Create a chained certificate with you new certificate and the CA certificates. (I use a Windows CA so I had a chained certificate in the p7b format which can be converted to a x509 one using openssl (commands available at sslshopper - convert ssl certificates) , required by ManageIQ)
  3. Copy the certificates to your appliance in /root/certs for example using FileZilla or WinSCP.
    server.cer which should contain the chained certificates
    server.cer.key which should contain the private key associated with the certificate without passphrase
  4. Login to your appliance with a ssh client (putty on Windows for example)
  5. Type the following commands:
    cd /var/www/miq/vmdb/certs ls -l should show 4 files (server.cer, server.cer.key, v2_key, v2_key.dev)
    tar cf old_certs.tar server* in order to store the old certificates in case of error
    cp /root/certs/server.* /var/www/miq/vmdb/certs/ Two files should be overwritten (the chained certificates and the private key)
  6. Restart your appliance or just the EVM server using appliance_console and you should be good to go
  7. Connect to the appliance and check that the certificate is correct.

I hope this helps.
Regards,
Joseph.


#10

Hi Joseph,
It is ok now, thanks for your help!