LogInsight SSL Replacement

VMware Log Insight

How to generate a signed SSL certificate for a LogInsight cluster (this has been done on v3.0, but I know the same process works on at least v2.5).

This will be done using a local Microsoft CA.

Download OpenSSL from here, then run the installer (I normally install all files to a c:\openssl directory). I additionally will use Notepad++ for editing files by default.

Once it has been installed, open a cmd prompt as Administrator and run:

set OPENSSL_CONF=c:\openssl\bin\openssl.cfg

Then create a folder to store the LogInsight config and key files: c:\openssl\LI\

Then create an OpenSSL config file, as follows, from which to create a CSR. loginsight.corp.local is the cluster name we will provide, and IPs in the SAN have been provided for all 3 cluster nodes and the cluster IP address; change the bold values. This setup is based on a 3 node cluster. Save this file as c:\openssl\li\li.cfg

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
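# Clients match the host name against the SAN entries rather than the CN, so the cluster name is listed here as well
subjectAltName = DNS:loginsight.corp.local, DNS:log-01a.corp.local, DNS:log-01b.corp.local, DNS:log-01c.corp.local, IP:192.168.110.24, IP:192.168.110.25, IP:192.168.110.26, IP:192.168.110.27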

[ req_distinguished_name ]

# countryName takes a two-letter code; the ISO 3166 code for the United Kingdom is GB
countryName = UK
stateOrProvinceName = London
localityName = London
0.organizationName = VMware
organizationalUnitName = corp.local
commonName = loginsight.corp.local

With OpenSSL generate a private key in the RSA format

openssl genrsa -out c:\openssl\li\server.key 2048

Create a CSR

openssl req -new -key c:\openssl\li\server.key -out c:\openssl\li\server.csr -config c:\openssl\li\li.cfg

Submit the CSR to the certificate authority

certreq -submit -attrib "CertificateTemplate:WebServer" c:\openssl\li\server.csr c:\openssl\li\server.pem


Now we need to combine this PEM file with our key file to create the PEM file to give to LogInsight. Open Notepad++ and create a new file called LogInsight-Upload.pem. Copy all the contents of the server.key file into the new text file, and then directly below that the contents of the server.pem file (I have truncated the content of each key in the image below, so your file may be longer).
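The copy-and-paste step above can also be scripted. This Python sketch is an added example, not part of the original post: it builds LogInsight-Upload.pem with the key first and the certificate below it, rejects an encrypted key or a CA file that holds no certificate, and uses Python's ssl module to confirm that the private key belongs to the certificate. The function names and the sample blocks are made up for illustration, and Python 3 on the workstation is assumed.

```python
import re
import ssl
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}  # unencrypted key armour only

# Constructed sample input: placeholder base64, not real key material.
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\r\nQUJD\r\n"
              "-----END RSA PRIVATE KEY-----\r\n")
SAMPLE_CERT = ("stray text\n-----BEGIN CERTIFICATE-----\nREVG\n"
               "-----END CERTIFICATE-----\n")


def build_upload_pem(key_text, cert_text):
    """Return the combined PEM: one private key, then the certificate(s)."""
    keys = [m for m in PEM_BLOCK.finditer(key_text) if m.group(1) in KEY_LABELS]
    certs = [m for m in PEM_BLOCK.finditer(cert_text) if m.group(1) == "CERTIFICATE"]
    if len(keys) != 1 or "ENCRYPTED" in keys[0].group(2):
        raise ValueError("need exactly one unencrypted private key")
    if not certs:
        raise ValueError("no CERTIFICATE block (CSR or DER file from the CA?)")
    # Keep only the PEM blocks, key first, and normalise CRLF to LF.
    blocks = [keys[0]] + certs
    return "".join(m.group(0).replace("\r\n", "\n") + "\n" for m in blocks)


def key_matches_certificate(pem_path):
    """True if OpenSSL parses the file and the key belongs to the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(str(pem_path))  # key and chain read from one file
    except ssl.SSLError:
        return False
    return True


if __name__ == "__main__":
    li = Path(r"c:\openssl\li")  # folder used in the post
    if (li / "server.key").exists():
        out = li / "LogInsight-Upload.pem"  # holds the private key: restrict access
        pem = build_upload_pem((li / "server.key").read_text(),
                               (li / "server.pem").read_text())
        out.write_bytes(pem.encode("ascii"))
        print("key matches certificate:", key_matches_certificate(out))
    else:
        print(build_upload_pem(SAMPLE_KEY, SAMPLE_CERT))
```

A result of False means the certificate was issued for a different key or one of the blocks is damaged, which is worth catching before the file is uploaded to any node.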

 

As always ENSURE YOU HAVE A SNAPSHOT BEFORE YOU START MAKING CHANGES TO A PROD SYSTEM

Then log into your master node of the LogInsight Cluster (normally the first one deployed) and upload the PEM file and Save the change. 


Then upload the same file to each other node in the cluster.
