For new customers, a certificate must be requested at least two (2) business days in advance by sending a request to certificates@tacp.zendesk.com.
The following information must be provided in the e-mail:
Required details | Example |
Requester Name | John Doe |
Requester E-mail | john.doe@acme.com |
Date | 2018-12-31 |
Company Name | ACME Corporation |
Organization Name | MSP Stacks |
GPG Public key | Public key name (publicKey.asc) |
An organization provides a way to organize and manage your ThinkAgile CP hardware resources. The organization identifier is used to identify the hardware stack in the ThinkAgile CP Cloud Controller. Each organization identifier must be unique. For more information about organizations within the ThinkAgile CP Cloud Controller, see Manage organizations.
The Lenovo team will reply with the certificate and the instructions to install.
To create and use GNU Privacy Guard (GPG) keys, follow these steps:
- Execute the following command to create a new GPG key:
gpg2 --gen-key
Alternatively, you can execute the following command:
gpg2 --gen-key
This prompts you for an interactive setup. The following example shows sample output and answers for reference.
gpg2 --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Sat Aug 8 14:33:52 2020 UTC
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: John Doe ( ACME )
Email address: jdoe@acme.com
Comment: ACME GPG
You selected this USER-ID:
"John Doe ( ACME ) (ACME GPG)<jdoe@ACME.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
- Locate your public key IDs:
gpg2 --list-public-keys <requester e-mail>, where the <requester e-mail> is the e-mail address used to request the certificate from certificates@tacp.zendesk.com.
The following is an example showing the command output:
gpg2 --list-public-keys john.doe@acme.com
pub 4096R/ECA7E403 2018-08-08 [expires: 2020-08-07]
uid John Doe ( ACME Inc ) <john.doe@acme.com>
sub ....
In the above output, the key is ECA7E403.
- Export the key and send your keys to the key server:
gpg2 --send-keys --keyserver pool.sks-keyservers.net <GPG key ID>
For example:
gpg2 --send-keys --keyserver pool.sks-keyservers.net ECA7E403
gpg: sending key C264BE84ECA7E403 to hkp://pool.sks-keyservers.net
- Extract the GPG key:
gpg --output publicKey.asc -- armor -- export <requester e-mail>, where the <requester e-mail> is the e-mail address used to request the certificate from certificates@tacp.zendesk.com.
Use publicKey.asc as the name of the public key.
- Request the new certificate from certificates@tacp.zendesk.com as described at the beginning of this section.
- Please wait for the public key to be signed by Lenovo.
It can take up to two (2) business days to sign the GPG key.
- Decrypt the signed keys obtained from Lenovo. The result of the decryption process is a .TAR file.
This must be done in the same directory where you extracted the key.
gpg2 --output <New-TAR-File-Name> -- decrypt <Signed-File-Obtained-From-Lenovo>
For example:
gpg2 --output lenovo-thinkagile-test.controller-broker-client.pki.cp.lenovo.com-client_db.tar.gz --decrypt lenovo-thinkagile-test.controller-broker-client.pki.cp.lenovo.com-client_db.tar.asc