• This topic has 2 replies, 3 voices, and was last updated March 26, 2024 by Systems T.

SSL Certificates in v10+

  • After changing from 9.7 Windows ZVM to 10.x Linux, we did not have a way to load the new appliances with SSL certificates.  The Zerto documentation only has how to change them AFTER they are already generated.  Here is what we did to process them from the beginning to the end:

    **##Create a CSR for v10 – must have a Common Name and a Subject Alternative Name

    https://certificatetools.com/ – online tool to generate a CSR and KEY file

    **##Generate the CER File from MS CA**

    Need to export the CER as a Base64 File

    **##Replace certificates on v10 – logging in as zadmin in the zadmin home directoy

    cp /var/data/zerto/zappliance/ingress/certs/tls.key /var/data/zerto/zappliance/ingress/certs/tls.key.bak

    cp /var/data/zerto/zappliance/ingress/certs/tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt.bak

    *Copy New Files to v10 Appliance in the zadmin home directory*

    Multiple ways to do this – pick one

    *Convert CER to CRT – Base64

    openssl x509 -inform PEM -in <CERFILEFrom CA> -out tls.crt

    *Rename New Files to Default Names*

    cp <key-file-name>.key tls.key

    *Copy files to directory*

    cp tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt

    cp tls.key /var/data/zerto/zappliance/ingress/certs/tls.key

    *Replace the SSL Certificate*

    kubectl delete secret ingress-cert-secret

    kubectl create secret tls ingress-cert-secret –key /var/data/zerto/zappliance/ingress/certs/tls.key –cert /var/data/zerto/zappliance/ingress/certs/tls.crt



    I have been searching for this exact solution for weeks.  Thank you, I will give this a try.

    We got this to work but the last command is incorrect.

    You have to use 2 dashes before cert and key like on the below command:

    kubectl create secret tls ingress-cert-secret --key /var/data/zerto/zappliance/ingress/certs/tls.key --cert /var/data/zerto/zappliance/ingress/certs/tls.crt

You must be logged in to create new topics. Click here to login