The Certificate Authority (CA) signed certificate is used to connect to the
Quorum Witness (QW) server. Perform this procedure on the server where you will install the
Quorum Witness software. The OpenSSL commands used in this procedure are examples only.
NOTE: Passphrases are not supported.
Prerequisites
Access to OpenSSL 1.0 or later or another tool for securing TLS and SSL protocol.
Procedure
Quorum Witness server
-
Log in as the root user to the
Quorum Witness server.
-
Confirm that you are in the
/root
directory using the
pwd
command.
-
Identify the FQDN of the server as the variable
SYSTEM_QW
.
For example:
SYSTEM_QW=vm1234-ip6.abc.yourcorp.net
-
Generate a private key for the server certificate.
For example:
openssl genrsa -out ${SYSTEM_QW}-server.key.pem 2048
Generating RSA private key, 2048 bit long modulus
......+++
.......................+++
e is 65537 (0x10001)
-
Generate a certificate signing request (CSR) using the server key. Replace the information between the quotes with your location.
openssl req -key ${SYSTEM_QW}-server.key.pem -new -sha256 -subj "/C=Country or region/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=${SYSTEM_QW}" -out ${SYSTEM_QW}-server-csr.pem
For example:
openssl req -key ${SYSTEM_QW}-server.key.pem -new -sha256 -subj "/C=US/ST=CA/L=Los Angeles/O=HPE/OU=DEV/CN=${SYSTEM_QW}" -out ${SYSTEM_QW}-server-csr.pem
-
Confirm that two files are listed in the
/root
directory.
ls -l *.pem
ls -l *.pem
-rw-r--r-- 1 root root 1021 May 23 09:17 vm1234-ip6.abc.yourcorp.net-server.csr.pem
-rw-r--r-- 1 root root 1675 May 23 09:11 vm1234-ip6.abc.yourcorp.net-server.key.pem
Certificate Authority Tool
-
Access the CA tool.
-
Request a CA-signed certificate using the
.csr.pem
file.
-
When you receive the CA-signed certificate for the QW server:
- Make sure that the CA-signed certificates are compliant to X.509 certificate format and PEM encoding.
- Move the CA-signed, QW server certificate to your predefined CA-signed certificates folder.
For example:
vm1234-ip6.abc.yourcorp.net_cert.pem
certificate is located in
C:\qw-secure\certs
.