SSL Certificates in v10+

After changing from 9.7 Windows ZVM to 10.x Linux, we did not have a way to load the new appliances with SSL certificates.  The Zerto documentation only has how to change them AFTER they are already generated.  Here is what we did to process them from the beginning to the end:

**##Create a CSR for v10 – must have a Common Name and a Subject Alternative Name

https://certificatetools.com/ – online tool to generate a CSR and KEY file

**##Generate the CER File from MS CA**

Need to export the CER as a Base64 File

**##Replace certificates on v10 – logging in as zadmin in the zadmin home directoy

cp /var/data/zerto/zappliance/ingress/certs/tls.key /var/data/zerto/zappliance/ingress/certs/tls.key.bak

cp /var/data/zerto/zappliance/ingress/certs/tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt.bak

*Copy New Files to v10 Appliance in the zadmin home directory*

Multiple ways to do this – pick one

*Convert CER to CRT – Base64

openssl x509 -inform PEM -in <CERFILEFrom CA> -out tls.crt

*Rename New Files to Default Names*

cp <key-file-name>.key tls.key

*Copy files to directory*

cp tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt

cp tls.key /var/data/zerto/zappliance/ingress/certs/tls.key

*Replace the SSL Certificate*

kubectl delete secret ingress-cert-secret

kubectl create secret tls ingress-cert-secret –key /var/data/zerto/zappliance/ingress/certs/tls.key –cert /var/data/zerto/zappliance/ingress/certs/tls.crt

WIN!