Reading Time: 2 minutes

If you install PernixData FVP, you will notice some certificates warning prompt when you access to the management interface.

The prompt appears because by default there is a certificated delivered with the computer name fvp.pernixdata.com and of course does not match your management server FQDN. Both the computer name and the root are not trusted and to fix the warning you need to create a self signed certificate and import it on your client, or request one from a trusted CA.

Also if you generate a self-signed certificate it’s east to import it: user is prompted to accept SSL certificate for FVP when logging into vSphere client.

To build a new self-signed certificate there is a PernixData KB Article (login is needed) that explain all the required steps.

First you need OpenSSL toolkit (the easy way is use an existing Linux box) in order to manage the certificate request and sign.

To build you certificate request:

openssl req -nodes -new -x509 -keyout rui.key -out rui.crt -days 3650 ( -config openssl.cnf )

The openssl.cnf could be pre-build with all your required data (the KB has an example), but the most important aspect is be sure that the CommonName match your FVP Manager FQDN. Also note that the certificate will be valid for about 10 years.

Now you can simple export it in the right format:

openssl pkcs8 -topk8 -inform PEM -outform DER -in rui.key -out new-key -nocrypt

Now copy (or rename) the rui.crt certificate file:

copy rui.crt new-cert

And copy the new-cert and new-key files to your FVP management server con folder, in the example below the Management server is installed:

C:\Program Files\PernixData\FVP Management Server\Server\conf\

Restart the PernixData FVP management Server service. Either use the services manager to do so, or the following command line:

net stop prnxserv && net start prnxserv

Remember to import the certificate in your “Trusted Root Certification Authorities” on your client (this has to happen on each computer you want to use the FVP management client) in order to avoid the CA warning.

Share