I try to establish the universe, on the local host, but I get a problem, I follow these steps Do not know how to do First I made a Srts and PEM, but in step 4 have to move I do not know that PEM is run .pem two PEM I and I openssl verify -Capath / etc / pki / tls / certs I try to confirm
Step 3: Creating and Installing a Certificate of Master Node The certificate for a valid CA signed master node is required for the platform to be shown as an authentication proof. Has been installed for. Thus, this certificate should be made by generating a Certificate Signature Request (CSR); Do this once in the master node: $ openssl req -newkey RSA: 2048 -New --Cavity newkey.pem-newreq.pem The above command will prompt for some information; The most important information about the universe platform is the name of the server (that host name was selected for the Cosmos Master Node) where the certificate is being established, and the challenge password must be empty. Allegedly PEM must be empty pass phrase (otherwise, httpd server automatically will not start), will fill it at this stage and will be removed later by executing: $ openssl rsa -in Nikeepam-out Nikijm. At the point, you can choose two options to sign the certificate: Use a valid CA in the Internet Use the contents of the SCR (NurekPM file) generated to retrieve the final certificate. Should be done within, which is commonly called certnew.cer CSR is different in the way that each CA is managed. Self-Signature on Certificate In this case, you'll need to command: $ openssl req -new -x509 -key newkey.pem -out certnew.cer In any case, once the certificate (certificate), Key (Newkeykpem) and CSR (My_environment & gt; / certificate / & lt $ cp newkey.pem [COSMOS_TMP_PATH] / puppet / modules / universe / files / home / & lt: newreq.pem) has got the name of the files according to this (in all machines) ; Universe Master Node & gt; _kekpem $ Cup Kernevksr [Cosmos_tmp_pth] /ppet/modls/cosmos/fails/anvironments/<may_anwayrnment>/karts/<cosmos-mastr-nod>_srkpem $ Cup Newrek Kpem [Cosmos_tmp_pth] / puppet /modules/cosmos/files/environments/<my_environment>/certs/<cosmos-master-node>_req.pem Step 4: certificate of CA installation should be installed as a certificate of CA. Download from the proper link (If you have a certificate of self-signed master node, then this type of certificate is also CA certificate) and tax the master master node in the following: CA's certificate (common name is & lt copy; ca_cert & Gt; .pem) To do this, shop the local certificate and change directory: $ mv & lt; Ca_cert & gt; Make a symbolic link to the certificate of .pem / etc / PKI / TLS / certificate $ CD / etc / PKI / TLS / Certificate CA. An 8-digit-number-based file will be created. It is very important that this file has the extension '.0': $ ln -s & lt; Ca_cert & gt; .pem `openssl x509 -hash -noout-in & lt; Ca_cert & gt; Verify the .pem`.0 certificate successfully installed Ben: $ Openssl Verify -path / etc / pki / tls / certs & lt; Ca_cert & gt; .pem xxxxxxxx.0: OK, you will see an 8-digit hash..0 file which will then "OK". Alejandro, Cosmos is an annabelar which is highly recommended to use through previously employed frequency.
In the FIWARE lab please login to create an account and start working with it refer to.
No comments:
Post a Comment