Kaviza VDI-in-a-box Self-Signed Certificate Installation

kaviza Inc. (www.kaviza.com)

Creating and installing SSL certificates on the Kaviza grid: Follow the instructions below to install a self-signed certificate on kMGR. This certificate needs to be installed on ALL the kMGRs in the grid. 1. Request a certificate from a trusted authority 2. Receive the certificate as a .cer or save it as a .cer file. 3. Log into the kMGR virtual appliance Note: You can either use ESX VIC console to log into the kMGR appliance or you can use any ssh client such as putty to do the same. We have found that it is easier to log into the appliance using a putty shell. PuTTY can be downloaded for free from http://www.chiark.greenend.org.uk/~sgtatham/putty/. Once you have done that, please do the following: a. Bring up PuTTY b. Host Name: Enter your kMGR appliance address c. Connection type: Choose SSH d. Click on Open

e. You will see a Putty window f. Login as user: kvm g. Password: kaviza123 (default password) 2

h. You should see a window such as the one below as soon as you log in.

4.

Once you are logged in, do the following: a. Create a new keystore directory. mkdir /home/kvm/keystore b. Change to this new directory location: cd /home/kvm/keystore c. Generate a Java keystore and key pair keytool -genkey -alias kmgr -keyalg RSA -keysize 2048 -keystore kmgr.keystore Note: Choose the password "changeit" whenever asked for a password d. Generate a certificate signing request (CSR) for an existing Java keystore keytool -certreq -alias kmgr -file kmgr.csr -keystore kmgr.keystore e. Send kmgr.csr certificate request to the trusted authority Note: The easiest way to transfer (sftp) any files over or from the appliance is by using a sftp windows client such as "FileZilla". There is a free Windows FileZilla client available that you can download from the web very easily. Once you have done that, do the following: i. Bring up FileZilla

ii. iii. iv. v. vi. vii.

Click the first icon (Site Manger) Host: Enter your kMGR appliance IP address or DNS name Servertype: Choose SFTP-SSH file transfer protocol Logontype: Choose Normal User: kvm Password: kaviza123 (the default password unless you have changed it)

f. Receive kmgr.crt certificate and chain.crt intermediate chain. g. Import New CA into this new directory i. cd /home/kvm/keystore
ii. iii. keytool -import -trustcacerts -alias root -file chain.crt -keystore kmgr.keystore keytool -import -trustcacerts -alias kmgr -file kmgr.crt -keystore kmgr.keystore

h. Replace the old default Kaviza certificate with the new CA i. cd /home/kvm/kvm/install/servlet_container/conf ii. mv .keystore old.keystore iii. cp /home/kvm/keystore/kmgr.keystore .keystore i. Re-start Tomcat services (kMGR services) i. tc_start (type in kaviza123 for password) 5. Test from a browser to verify that the connection is secure. 4