1. Generate a Certificate Signing Request (CSR)
Create a configuration file (ecp.conf) with the necessary details:

    [req]
    default_bits = 2048
    default_md = sha512
    encrypt_key = no
    string_mask = utf8only
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no

    [req_distinguished_name]
    countryName = <REQUIRED>
    stateOrProvinceName = <REQUIRED>
    localityName = <REQUIRED>
    organizationName = <REQUIRED>
    commonName = <CNAME>

    [v3_req]
    basicConstraints = CA:false
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth, clientAuth
    subjectAltName = DNS:<Domain>,DNS:<Domain>

Run the following command to generate the CSR and private key:

    openssl req -newkey rsa:2048 -keyout ecp.key -out ecp.csr -config ecp.conf -nodes

2. Request a CA-Signed Certificate
Submit ecp.csr to a trusted Certificate Authority (CA) to obtain a signed certificate.

3. Extract the Private Key (If Needed)
If the private key file (ecp.key) is missing, extract it from the .pem file:

    openssl pkey -in yourfile.pem -out ecp.key

or, for an RSA key:

    openssl rsa -in yourfile.pem -out ecp.key

4. Extract the Certificate
Convert the .pem file into .crt format:

    openssl x509 -in yourfile.pem -out ecp.crt

5. Prepare the Certificate Files
- Rename the obtained certificate to ecp.crt.
- If your CA provides an intermediate chain, concatenate the files:

    cat certificate.crt intermediate.crt ca-root.crt > ecp.crt

6. Upload the Certificate Files
Upload both ecp.crt and ecp.key to the /var/versa/ecp/share/certs directory on any node of the Concerto cluster.

7. Ensure File Permissions and Ownership

    sudo chmod 775 /var/versa/ecp/share/certs/ecp.*
    sudo chown versa:versa /var/versa/ecp/share/certs/ecp.*

8. Restart Services

    vsh restart
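
Before the upload in step 6, the key and certificate bundle can be checked locally so that a mismatched key or a wrongly ordered chain is caught before the restart. The script below is an added example, not part of the original procedure or of Versa's tooling; the function name check_ecp_pair is hypothetical, and it assumes the openssl CLI is on the PATH.

```shell
#!/usr/bin/env bash
# Added example: local sanity checks on ecp.key / ecp.crt before upload.
# check_ecp_pair is a hypothetical helper name; requires the openssl CLI.

check_ecp_pair() {
    local key=$1 crt=$2 key_pub crt_pub

    # The key must load without a passphrase (the CSR step used -nodes).
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $key is unreadable or passphrase-protected"; return 1; }

    # openssl x509 reads only the FIRST certificate in a bundle, so this also
    # catches a chain concatenated in the wrong order (leaf must come first).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $crt does not start with a PEM certificate"; return 2; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: first certificate in $crt was not issued for $key"; return 2
    fi

    # The CSR requested subjectAltName; confirm the CA kept it in the leaf.
    if ! openssl x509 -in "$crt" -noout -text | grep -q 'Subject Alternative Name'; then
        echo "FAIL: leaf certificate has no subjectAltName"; return 3
    fi

    # Reject a certificate that is already expired or expires within a day.
    if ! openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null; then
        echo "FAIL: certificate expires within 24 hours"; return 4
    fi

    echo "OK: $(grep -c 'BEGIN CERTIFICATE' "$crt") certificate(s), leaf matches key"
}

# Run against the files named on the command line, if any.
if [ "$#" -eq 2 ]; then
    check_ecp_pair "$1" "$2"
fi
```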