Symptom


In order to provide better security for a Zerto Virtual Replication(ZVR) installation, as well as to avoid the ?untrusted? warnings when loading the Zerto GUI, an administrator may want to replace the default ZVR self-signed SSL certificate with another.  To do so, a Certificate Signing Request (CSR) for a Certificate Authority must first be generated.  This article explains the necessary steps to do so.

 


Solution


To create a Certificate Signing Request (CSR) for a Certificate Authority, follow these steps:

 

  1. Download the OpenSSL binaries: https://www.openssl.org/community/binaries.html.

  2. After installing OpenSSL, open a command prompt and change directory to its installation directory.

  3. Run the following commands to generate the CSR and KEY - note that the ?Common Name? section of the CSR generation is the most important, as this is what contains the fully qualified domain name of your site:

    1. cd c:openssl-win32bin

    2. set OPENSSL_CONF=c:openssl-win32binopenssl.cfg

    3. openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

  4. Follow the on-screen prompts to fill out the CSR.

  5. The generated server.csr file will contain your Certificate Signing Request, which should then be submitted to the certificate authority you chose to sign your certificate (for example, Thawte, GoDaddy, VeriSign etc.).