Skip to main content

Generating a customized externally-signed server certificate

When installing a customized server certificate in Lenovo XClarity Integrator, users should provide the certificate bundle that contains the entire CA signing chain.

About this task

Tip
If the new server certificate is not signed by a trusted international third party (such as VeriSign), the next time connecting to Lenovo XClarity Integrator, a security message will be prompted users to accept the new certificate as an exception into the browser. To avoid the security messages, users can import the CA signing chain of the server certificate into the Web browser list of trusted certificates.

For more information about importing certificates, see Importing the Lenovo XClarity Integrator certificate in Web browser.

Procedure

Complete the following steps to generate a customized server certificate.

  1. Generate a certificate signing request (CSR) for Lenovo XClarity Integrator.
    1. On the left navigation pane, click Security Settings.
    2. Click Server Certificate to display the Server Certificate page.
    3. Click the Generate Certificate Signing Request (CSR) tab.
    4. Fill in the fields in the Generate Certificate Signing Request (CSR) page:

      • Country

      • State or Province

      • City or Locality

      • Organization

      • Organization Unit (optional)

      • Common Name

      Attention
      Select a common name that matches the IP address or hostname of Lenovo XClarity Integrator virtual appliance. Failure to select the correct value might result in connections that are not trusted. Users can allow Lenovo XClarity Integrator to generate the common name automatically by specifying Generated by LXCI.
    5. Click Generate CSR File to download the generated file.
  2. Submit all CSRs to the trusted CA for signing. The trusted CA returns a certificate bundle for each CSR. The certificate bundle contains the signed certificate and the complete certificate authority (CA) chain of trust.
  3. Upload the externally-signed server certificate to Lenovo XClarity Integrator.
    Note
    The certificate being uploaded must have been created from the Certificate Signing Request that was most recently created using the Generate CSR File button. The uploaded file must contain the complete certificate chain, including the root certificate and any intermediate certificates. The order of certificates in the file must be server certificate, intermediate certificates, and then root certificate.

    1. On the left navigation pane, click Security Settings.

    2. Click Server Certificate on the setting page.

    3. Click the Upload Certificate tab.

    4. Click the Choose File button to select the certificate file (.der, .pem or .cer).

    5. Click the Upload Certificate button. The certificate file is uploaded.

    After uploading the server certificate, Lenovo XClarity Integrator is restarted and the browser connection to the Lenovo XClarity Integrator Web interface is terminated. To continue the task, log in to the Lenovo XClarity Integrator Web interface again.

    Note
    Update VMware vCenter registration after the new server certificate is uploaded.