Creating a CA-signed certificate for the Quorum Witness server

The Certificate Authority (CA) signed certificate is used to connect to the Quorum Witness (QW) server. Perform this procedure on the server where you will install the Quorum Witness software. The OpenSSL commands used in this procedure are examples only.
NOTE: Passphrases are not supported.

Prerequisites

Access to OpenSSL 1.0 or later, or another tool for securing the TLS and SSL protocols.

Procedure

Quorum Witness server

  1. Log in as the root user to the Quorum Witness server.
  2. Confirm that you are in the /root directory using the pwd command.
  3. Set the variable SYSTEM_QW to the FQDN of the server.

    For example: SYSTEM_QW=vm1234-ip6.abc.yourcorp.net

  4. Generate a private key for the server certificate.
    For example: openssl genrsa -out ${SYSTEM_QW}-server.key.pem 2048
    Generating RSA private key, 2048 bit long modulus
    ......+++
    .......................+++
    e is 65537 (0x10001)
    
  5. Generate a certificate signing request (CSR) using the server key. Replace the information between the quotes with your location.

    openssl req -key ${SYSTEM_QW}-server.key.pem -new -sha256 -subj "/C=Country or region/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=${SYSTEM_QW}" -out ${SYSTEM_QW}-server.csr.pem

    For example: openssl req -key ${SYSTEM_QW}-server.key.pem -new -sha256 -subj "/C=US/ST=CA/L=Los Angeles/O=HPE/OU=DEV/CN=${SYSTEM_QW}" -out ${SYSTEM_QW}-server.csr.pem

  6. Confirm that two files are listed in the /root directory.
    ls -l *.pem
    -rw-r--r-- 1 root root 1021 May 23 09:17 vm1234-ip6.abc.yourcorp.net-server.csr.pem
    -rw-r--r-- 1 root root 1675 May 23 09:11 vm1234-ip6.abc.yourcorp.net-server.key.pem
    

Certificate Authority Tool

  1. Access the CA tool.
  2. Request a CA-signed certificate using the .csr.pem file.
  3. When you receive the CA-signed certificate for the QW server:
    1. Make sure that the CA-signed certificates comply with the X.509 certificate format and use PEM encoding.
    2. Move the CA-signed, QW server certificate to your predefined CA-signed certificates folder.
      For example, the certificate vm1234-ip6.abc.yourcorp.net_cert.pem is located in C:\qw-secure\certs.
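
One way to run the check in step 3.1 before moving the certificate into place, together with the "Passphrases are not supported" note. This is an added example, not part of the original procedure: the function name check_qw_cert and its return codes are assumptions, and the hostname check relies on the -checkhost option of OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: validate a CA-signed certificate against the key from step 4.
# Usage inside a script or shell session:
#   check_qw_cert ${SYSTEM_QW}-server.key.pem <certificate file> ${SYSTEM_QW}
# Return codes (assumed for this example):
#   0 = usable
#   1 = private key is passphrase-protected or unreadable
#   2 = file is not a PEM-encoded X.509 certificate
#   3 = certificate was not issued for this private key
#   4 = certificate does not cover the given FQDN
check_qw_cert() {
    key=$1; cert=$2; fqdn=$3

    # Passphrases are not supported. Encrypted keys carry one of these headers:
    # legacy format "Proc-Type: 4,ENCRYPTED", PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY".
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e 'BEGIN ENCRYPTED PRIVATE KEY' "$key" 2>/dev/null; then
        return 1
    fi
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

    # PEM encoding: the armor line must be present.
    # X.509 format: openssl must be able to parse the file as a certificate.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || return 2
    cert_pub=$(openssl x509 -in "$cert" -inform PEM -noout -pubkey 2>/dev/null) \
        || return 2

    # The certificate must carry the public half of the key used for the CSR.
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        return 3
    fi

    # The FQDN used as CN in the CSR must be covered by the certificate
    # (subjectAltName, or CN when no DNS subjectAltName is present).
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
        grep -q 'does match certificate' || return 4

    return 0
}
```

The listing in step 6 shows the private key file as -rw-r--r--; running chmod 600 on the .key.pem file restricts it to root.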