Créer et installer un certificat SSL sur SDX 9100 et SDX 16000

[root@netscaler-sdx SSL_Cert]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
[root@netscaler-sdx SSL_Cert]# uname -a
Linux netscaler-sdx 4.4.0+2 #1 SMP Fri Apr 30 02:46:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@netscaler-sdx SSL_Cert]# cat /etc/centos-release
XenServer release 7.1.2 (xenenterprise)
[root@netscaler-sdx SSL_Cert]# openssl genrsa -out private_key.pem 2048
Generating RSA private key, 2048 bit long modulus
.................+++
.................+++
e is 65537 (0x10001)
[root@netscaler-sdx SSL_Cert]# ls
private_key.pem
[root@netscaler-sdx SSL_Cert]# openssl req -new -key private_key.pem -out request.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Santa_Clara
Organization Name (eg, company) [Default Company Ltd]:CSG
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []: cloud.com
Email Address []: none@cloud.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@netscaler-sdx SSL_Cert]# ls
private_key.pem  request.csr
[root@netscaler-sdx SSL_Cert]# openssl x509 -req -in request.csr -signkey private_key.pem -out lom_certificate.pem -days 365
Signature ok
subject=/C=US/ST=California/L=Santa_Clara/O=CSG/OU=Engineering/CN=cloud.com/emailAddress=none@cloud.com
Getting Private key
[root@netscaler-sdx SSL_Cert]# ls
lom_certificate.pem  private_key.pem  request.csr

[root@netscaler-sdx SSL_Cert]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
[root@netscaler-sdx SSL_Cert]# uname -a
Linux netscaler-sdx 4.4.0+2 #1 SMP Fri Apr 30 02:46:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@netscaler-sdx SSL_Cert]# cat /etc/centos-release
XenServer release 7.1.2 (xenenterprise)
[root@netscaler-sdx SSL_Cert]# openssl genrsa -out private_key.pem 2048
Generating RSA private key, 2048 bit long modulus
.................+++
.................+++
e is 65537 (0x10001)
[root@netscaler-sdx SSL_Cert]# ls
private_key.pem
[root@netscaler-sdx SSL_Cert]# openssl req -new -key private_key.pem -out request.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Santa_Clara
Organization Name (eg, company) [Default Company Ltd]:CSG
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []: cloud.com
Email Address []: none@cloud.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@netscaler-sdx SSL_Cert]# ls
private_key.pem  request.csr
[root@netscaler-sdx SSL_Cert]# openssl x509 -req -in request.csr -signkey private_key.pem -out lom_certificate.pem -days 365
Signature ok
subject=/C=US/ST=California/L=Santa_Clara/O=CSG/OU=Engineering/CN=cloud.com/emailAddress=none@cloud.com
Getting Private key
[root@netscaler-sdx SSL_Cert]# ls
lom_certificate.pem  private_key.pem  request.csr
 

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAlW0N9EghsirHkPsgAiwXHuPdNw6DOstwC9V7ZLu38g36pqYk
X1yhON4yF61nCqS+Mfiu+plPEDbXc5dwtd7Le4JEW8OFHko5mBz3Uj9MSenJTBVT
V1d+hyu82nR0VWdAxe72kPiiTG7PuM34ZZqeHuy+tLU9FkAXDtxyjlPf/TDJPQl/
7h1klnTW5t9s2rSXznj3jsXOg88xF8S/ksGP1O6F5O7XoZYtpafUB/SqfZuX95qv
12EbbusifBwrmKVd/Z5/FguSGCeszBmrCol0dfUT44lMRPP2zW0m6O234j4HmOuh
Z/qL34seA1SmIMHkr9K57VHWqWoc3NmTDK2n0wIDAQABAoIBAEaI7AVb50wLFZlC
caGU3nUeatYKa7fdQE7VvyGV2wbPwnnYA2NgfloxyMOUfwdvLLi6Ax8YL1IgESPn
YLT5LmRm4Y3PhY7+yqEbS0PvzTs2uGbJykV4b6mu477bKe8GhnTokEtukm4yAKvj
zlVn3ywJ5Ru4UdWm+ztwpEK7JQiGvkoMSn7+qDhEAw5sw9cdCRxqLITm0xVhda5L
xO576NCAvSMCGlkwu9F6nnscP2TIT6Do44AiERAQRUdWVrNWNAbQQwQ+9QOLRLIn
lg+h8UIzBdUo4+HPm6ewSKTM1VBtQWTrLzKSEatUoqxXBznx1FpPbjo0G5xcTnXS
pzoztIECgYEAxxV1c706Hcy56hNv1q4G1UYDhRvBMIyeCnZWrr5lFD0Q5v7I/azH
i2EN4B/XZEQjstGxjGzCUXwngZoMykth67+bfynGkuAzdDQFgTXZCT1LSGWbJJQw
XhMTkL9Qpc9F1pByeX3G/o5pBc4xtjInMqf1wPEFD14ujeE/WMC0eCsCgYEAwCU9
azqLK1LMPgjcmep4Zl51xTVbaCzo5mreQAMoljxc4QDEW+HIK7/hhD57/MyA7Zya
6xIhIQ0q26xGV+MrJ9tWIhyUfoC07kV9jc0TcszaMAzNk0+vKVEwmvQC7833csC9
Tx/hS4jSiYkyqeIVYV0IZWjZvSlFqfmsZCl1UvkCgYAGSPolRkMQb8cqyaRNPb8/
em9gA2lM9BOFNwkziRU911OyRzbnM041a0H54md1ZeVOnuohCcn0spu4rrlapZiY
zbrF//ah6mwVbhMCakXI0eOPjI2iUP9Z6PZEKpYMNgf5ZyQGC999Z9eO9FyDaP/t
zHmotrM3Mfz8Q7ExRxwrcwKBgCwRnneUcszZ7Zwgvi/S9hBMg+haJ3/KJRSL2DOI
RevHJmo4mdCVBSr7lEaXaip94Ogebe2SN+Tztyuw5GVN5dz7UlL6iRhGfrjTWUuH
iHlhAH3awd+SfBMW2vX/FxlW/PTlvcWDA1ImrFr9C5CpGMw+4SkZFi9rYt3sNJy4
YX9JAoGAbAKC332U9iTPXajrygPkAtDjJQXnwp0BAXHU9NxNHFO0X2gkU+RQSotC
8muqyDgA0SLuagd0bAZS59wQCjTtHXB8WR5R5fri7a1MdmW+/0nhGG09CwV4Vw/n
ZEFexXmC1uUO1jfj0HtXrKgmkalj/1e60tjr/r6UxV/vM90Ogtw=
-----END RSA PRIVATE KEY-----
 

-----BEGIN CERTIFICATE REQUEST-----
MIIC3DCCAcQCAQAwgZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
MRQwEgYDVQQHDAtTYW50YV9DbGFyYTEMMAoGA1UECgwDQ1NHMRQwEgYDVQQLDAtF
bmdpbmVlcmluZzESMBAGA1UEAwwJY2xvdWQuY29tMSQwIgYJKoZIhvcNAQkBFhVr
aG9hLm5ndXllbkBjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCVbQ30SCGyKseQ+yACLBce4903DoM6y3AL1Xtku7fyDfqmpiRfXKE43jIX
rWcKpL4x+K76mU8QNtdzl3C13st7gkRbw4UeSjmYHPdSP0xJ6clMFVNXV36HK7za
dHRVZ0DF7vaQ+KJMbs+4zfhlmp4e7L60tT0WQBcO3HKOU9/9MMk9CX/uHWSWdNbm
32zatJfOePeOxc6DzzEXxL+SwY/U7oXk7tehli2lp9QH9Kp9m5f3mq/XYRtu6yJ8
HCuYpV39nn8WC5IYJ6zMGasKiXR19RPjiUxE8/bNbSbo7bfiPgeY66Fn+ovfix4D
VKYgweSv0rntUdapahzc2ZMMrafTAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
I9rsE/tsUgGNHzgsJ6Bq45a1AFN1hDS2IPuvEVl+3eGECR6ZRMxcHRn3ZGS0ISmD
mYeTfzwxT/IcCRXbVqFvAPkdiRwZwDvCjDg3BN1petrSURbyYbd9BTRkthSn+N1O
9Szyik0EKbuHnQ9TbeCBOvAKpSFIz+jImfNYXYIlvFTsJRJaDFDN0Xlv6QgDAX2J
qxjVaiOisJVz5QXjzD/NpWtFFQJYblLphS4uXmMllg3sWaAI9LhfAd1wJC9uSr8R
CZyqnV6UjC0AXMsBbchR2SNa5lWNBH6F9Kjv2StlrpglmJfq63MqDQLq3HFfKrfA
aQi9OlrjSMWkdIQX22pZxw==
-----END CERTIFICATE REQUEST-----
 

-----BEGIN CERTIFICATE-----
MIIDqjCCApICCQDaiXN+twsKSjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhX0NsYXJhMQww
CgYDVQQKDANDU0cxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAljbG91
ZC5jb20xJDAiBgkqhkiG9w0BCQEWFWtob2Eubmd1eWVuQGNsb3VkLmNvbTAeFw0y
NDA2MTEwMjAxMDRaFw0yNTA2MTEwMjAxMDRaMIGWMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGFfQ2xhcmExDDAKBgNVBAoM
A0NTRzEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNVBAMMCWNsb3VkLmNvbTEk
MCIGCSqGSIb3DQEJARYVa2hvYS5uZ3V5ZW5AY2xvdWQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW0N9EghsirHkPsgAiwXHuPdNw6DOstwC9V7
ZLu38g36pqYkX1yhON4yF61nCqS+Mfiu+plPEDbXc5dwtd7Le4JEW8OFHko5mBz3
Uj9MSenJTBVTV1d+hyu82nR0VWdAxe72kPiiTG7PuM34ZZqeHuy+tLU9FkAXDtxy
jlPf/TDJPQl/7h1klnTW5t9s2rSXznj3jsXOg88xF8S/ksGP1O6F5O7XoZYtpafU
B/SqfZuX95qv12EbbusifBwrmKVd/Z5/FguSGCeszBmrCol0dfUT44lMRPP2zW0m
6O234j4HmOuhZ/qL34seA1SmIMHkr9K57VHWqWoc3NmTDK2n0wIDAQABMA0GCSqG
SIb3DQEBCwUAA4IBAQBLojhxNsw24NOuTIQ3dJh6WZATiiBjw8kQyEJqyiB8oCmO
oAVleDAjI44C2eaR1vj321yNQI6bmBGPffwUoIX6YMAfll6nJqOfl9+rJd1FYCCd
FIqt76sC9YTu8WL3j7X1LE2lhQj7RZUt321QcG30qxQoXlQIM5oP7q17WkmPY0tW
JQZ4LjQRGHtc9rDiSlkzeMeBgtG3HqdNSorn2S15JJf/4sm5JXQXd7GByicv9aNM
AagjqwlkziJUpLO2r2bRX+3Qn0NE5WlxaYYisIPe9py3TsnLXHcrnTqrHbh6e4wc
+yF9+4nouCHPjOs2i0QV7koFHz8lnEiUYaxYT8wl
-----END CERTIFICATE-----