A CSR is required for each TCA Component (TCA manager and control planes) and the same generated certificates can be used for both appliance management GUI and Web GUI.
We typically use this procedure to generate the CSR (the values below are just examples)
Generate the private key:
openssl genrsa -out tca-manager.example.com.key
2. Generate the CSR using the config file below.
openssl req -sha512 -new \
-subj "/C=IT/ST=Rome/L=Rome/O=Example/OU=NFVI/CN= tca-manager.example.com"\
-key tca-manager.example.com.key \
-out tca-manager.example.com.csr \
-config tca-manager.example.com.cfg
tca-manager.vodafone.com cfg:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
distinguished_name=req_distinguished_name
[req_distinguished_name]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1= tca-manager.example.com
Comentarios