In last post of HCX series, we deployed HCX Cloud appliance and performed basic configuration. The next step was to pair the HCX Enterprise appliance to the HCX Cloud so that we can start consuming HCX features.
When I tried pairing the on-prem HCX to HCX Cloud, I was getting ssl connection error and site pairing task was failing.
I was pretty sure that this is happening because of untrusted ssl certs in my lab and I was thinking that may be I need to replace the self-signed certs with the CA signed certs.
I quickly checked on this error with one of our staff engineer from hybridity team and he helped me with actual steps for fixing this issue. These are the high level steps you need to perform when you face this issue.
1: Generate Private and Public cert file on HCX Cloud appliance.
[root@hcx-cloud ~]# openssl req -x509 -nodes -days 1000 -newkey rsa:2048 -keyout private.crt -out public.crt -subj '/C=IN/ST=Karnataka/L=Bangalore/O=vstellar.com/OU=hybridity/CN=192.168.109.29'
Generating a 2048 bit RSA private key
writing new private key to 'private.crt'
Note: 192.168.109.29 is the IP address of my HCX-Cloud appliance.
The above command generated the private.crt and public.crt files on the hcx-cloud appliance.
[root@hcx-cloud ~]# ls
2: Import the generated certs in HCX-Cloud appliance
- Login to HCX Cloud Appliance Management UI (https://hcx-cloud-ip:9443)
- Navigate to Administration > Server Certificate tab.
- Paste the contents of public.crt in ‘Server Certificate’ section.
- Paste the contents of private.crt in ‘Private Key’ section.
Make sure certificated is imported successfully.
3: Import the certificate from HCX Cloud to HCX Enterprise appliance
- Login to HCX Enterprise Appliance Management UI (https://hcx-enterprise-ip:9443)
- Navigate to Administration > Trusted CA Certificate tab and click on ‘Import’
Select ‘URL’ method and provide the URL of your HCX Cloud and hit Apply button.
Verify that cert ha sbeen imported successfully.
After this try site pairing again and it should complete without any further issues.
Kudos to my friend Umar from hybridity team for helping me fixing the SSL error.
And that’s it for this post.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable