Creating and Installing Custom CA-Signed Certificate
Product version: 10.6
Last modified: 25 January 2022
How do I create and install a custom CA-signed certificate for Transporter?
Before NAKIVO Backup & Replication can use the Transporter, the Director needs to recognize the Transporter as secure. This process requires two certificates, one on the Director side and one on the Transporter side.
Creating and setting up the certificates requires the OpenSSL package, which must be installed on the Linux OS.
Creating CA-signed Certificate
To create and set up a custom CA-signed certificate, do the following:
Generate an RSA key with the following commands:
openssl genrsa -out rsa.key 2048
openssl rsa -in rsa.key -noout -text
Generate a Certificate Signing Request (CSR) with the following commands:
openssl req -new -key rsa.key -out rsa.csr
openssl req -in rsa.csr -noout -text
Generate a CA key and a self-signed certificate with the following commands:
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt
Perform the signing procedure with the following commands:
openssl x509 -req -in rsa.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out rsa.crt
openssl x509 -in rsa.crt -noout -text
Rename rsa.crt to rsa.pem.
Create a separate file that includes both the key and the certificate with the following command:
cat rsa.key rsa.pem > certkey.pem
Rename ca.crt to CA-Certificate.pem.
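The following script is an added example, not NAKIVO's own code: it runs the creation steps above without interactive prompts and then checks that the signed certificate chains to the CA, that the key and certificate in certkey.pem belong together, and that certkey.pem is readable only by its owner. The subject names, the -days 365 validity and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code. Subject names and -days 365 are assumptions.

# Runs the creation steps in directory $1 without prompts.
# umask 077 keeps rsa.key, ca.key and certkey.pem owner-readable only.
# Without -days, OpenSSL issues both certificates for 30 days.
make_transporter_cert() {
    (
        cd "$1" || exit 1
        umask 077
        openssl genrsa -out rsa.key 2048 2>/dev/null &&
        openssl req -new -key rsa.key -out rsa.csr \
            -subj "/CN=transporter.example.internal" &&
        openssl genrsa -out ca.key 2048 2>/dev/null &&
        openssl req -new -x509 -key ca.key -out ca.crt -days 365 \
            -subj "/CN=Example Backup CA" &&
        openssl x509 -req -in rsa.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -out rsa.crt 2>/dev/null &&
        mv rsa.crt rsa.pem &&
        cat rsa.key rsa.pem > certkey.pem &&
        mv ca.crt CA-Certificate.pem
    )
}

# Succeeds only if rsa.pem was signed by the CA in CA-Certificate.pem.
verify_chain() {
    openssl verify -CAfile "$1/CA-Certificate.pem" "$1/rsa.pem" >/dev/null 2>&1
}

# Succeeds only if the private key and certificate in certkey.pem are a pair.
key_matches_cert() {
    k=$(openssl pkey -in "$1/certkey.pem" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1/certkey.pem" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if certkey.pem (which holds the private key) is mode 0600.
key_file_private() {
    [ "$(ls -ld "$1/certkey.pem" | cut -c1-10)" = "-rw-------" ]
}

# Demo run in a scratch directory.
work=$(mktemp -d) &&
make_transporter_cert "$work" && verify_chain "$work" &&
key_matches_cert "$work" && key_file_private "$work" &&
echo "certificate set in $work passed all checks"
```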
Installing CA-signed Certificate
To install a custom CA-signed certificate created using the method described above or prepared beforehand, do the following:
Rename your certificate file to CA-Certificate.pem and put it in the /opt/nakivo/director/userdata folder.
The name of the certificate file to be put in the userdata folder cannot be anything other than CA-Certificate.pem.
Run the following command:
chmod 755 CA-Certificate.pem
Restart the Director service with the following command:
systemctl restart nkv-dirsvc
Perform the Transporter installation as described here and specify the path to certkey.pem.