Configuring an Nginx Load Balancer with BMC provided certificate

This procedure describes how to configure an Nginx Load Balancer with BMC provided certificate.

To configure an Nginx Load Balancer:

1. Log in as root in the NginX machine and create the openssl.cfg file and copy the following to the file and update the details according to your environment.

   [req]

   default_bits = 2048

   prompt = no

   default_md = sha256

   req_extensions = req_ext

   distinguished_name = dn

   [ dn ]

   C=US

   ST=Texas

   L=Houston

   O=BMC Software Inc

   OU=Control-M

   emailAddress=[Your email address]

   CN =[Your server FQDN]

   [ req_ext ]

   subjectAltName = @alt_names

   [ alt_names ]

   DNS.1 = [Your server FQDN]

2. Run the following command to create a private key and CSR file:

   openssl req -new -sha256 -nodes -out request.csr -newkey rsa:2048 -keyout privatekey.pem -config openssl.cfg

   The privatekey.pem and request.csr files are created.

3. Copy the private key to the NginX folder /etc/pki/nginx/private/.
4. From your Control-M/EM primary machine, navigate to <EM_HOME>/ini/ssl/ and copy the following files to your NginX machine where the CSR file is created.
   • - em_ssl_ca.pem
   • - em_ssl_cert.pem
5. Run the openssl command to sign your CSR and move the file that is created to /etc/pki/nginx/.