Working with CA signed certificates in your vSphere environment?

Are you working with CA signed certificates in your vSphere environment? You might want to check out these recently published KB articles. They will definitely help you understand the whole process of installing and configuring them. (Thanks Simon for pointing these out!)


    Comments

    1. Jamie says

      The bottom four links seem to be broken.

      ‘We’re sorry, but this Document is not currently available. Try again in a few minutes.’

    2. Joern Clausen says

      Do certificates with a chain of CAs work by now? When I tried two years ago, this type of certificate caused several problems. The real show stopper was that deploying Windows templates was no longer possible. The administrator password given in the configuration wizard could not be decrypted(?) while configuring the OS on the new machine.

    3. Benjamin says

      What VMware provides in terms of a solution for SSL certs is a joke.
      It's a pity we pay them so much money and they expect you to do 100+ steps to insert a certificate!!

    4. says

      Nod, this is why Microsoft will eventually win the virtualisation war.
      Stupid things like if the View Connection Server is installed before the Composer the database doesn’t get initialised. Seriously, VMware need to wake up now.
      Installing certificates is dangerous and liable to render the vCenter unusable with one wrong step.
      And most normal people can’t fix it.
      Most customers want the darn thing to work straight away with the minimum of fuss.

    5. Benjamin says

      Hi Guys,

      I have found on one of the sites (don't remember where) a script which would take your certificates and automatically install them into vCenter.
      I have tested this on the vCenter Linux appliance 5.1 (based on SUSE SLES) with a wildcard from GoDaddy (*.domain.com).
      Therefore I didn't need to buy a separate certificate for each ‘component’ of vCenter; it all worked with the same one.

      here is the script:
      http://pastebin.com/MFKcuWYX

      Some notes:

      ##
      # THIS PART ADDED BY BENNY SHTARK
      #
      # IMPORTANT!
      # Create "A" record of IP of the server for the HOSTNAME first!
      #
      # 3 CERTIFICATE FILES WITH THIS SCRIPT SOMEWHERE ON VCENTER APPLIANCE
      # USE WINSCP APP FOR EASY COPY FROM WINDOWS TO LINUX
      # THEN RUN FOLLOWING:
      #
      # chmod +x chcert.sh
      # ./chcert.sh .example.com 'vmware' '1server.crt,2inter.crt,3root.crt' 4private.key .example.com
      #
      # of course, change replace with the server actual HOSTNAME

    6. Benjamin says

      Almost forgot,

      in the DISABLE SERVICES section, there are some services that are disabled by the script; you may want to keep them running..

      Look for this line:
      if [ ${DISABLE_UNDESIRED_SERVICES} -eq 1 ]; then

      I think you want to comment this one out:
      chkconfig vmware-inventoryservice off

      to leave the VMware inventory working properly…

    7. Benjamin says

      Also,

      for the 4 certificates please see this:
      The '1server.crt,2inter.crt,3root.crt' certificate files must have this in their header:
      -----BEGIN CERTIFICATE-----

      while the 4private.key file must have this in its header (it's another type of certificate file)
      -----BEGIN RSA PRIVATE KEY-----
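
A pre-flight check for the header requirement described in comments 5 and 7, added here as an example; it is not part of the linked chcert.sh script or of the comments above. The function names `pem_kind` and `preflight` are hypothetical, and the file names are the ones used in comment 5.

```shell
#!/bin/sh
# Added example, not part of chcert.sh. File names follow comment 5.
CR=$(printf '\r')
BOM=$(printf '\357\273\277')   # UTF-8 byte-order mark

# pem_kind FILE -> missing | cert | rsa-key | other-key | unknown
# Classifies a file by its first non-blank line, ignoring CR and a leading BOM.
pem_kind() (
    [ -r "$1" ] || { echo missing; exit 0; }
    first=$(tr -d '\r' < "$1" | grep -m1 -v '^[[:space:]]*$' || true)
    case "${first#"$BOM"}" in
        '-----BEGIN CERTIFICATE-----')     echo cert ;;
        '-----BEGIN RSA PRIVATE KEY-----') echo rsa-key ;;
        '-----BEGIN '*'PRIVATE KEY-----')  echo other-key ;;  # PKCS#8, EC, encrypted
        *)                                 echo unknown ;;    # e.g. DER or PKCS#12
    esac
)

# preflight 'cert1,cert2,...' KEYFILE
# Prints one line per finding; succeeds only if every file carries the header
# comment 7 calls for. CRLF and BOM are reported as warnings, not failures.
preflight() (
    rc=0; set -f; IFS=,
    for f in $1; do
        kind=$(pem_kind "$f")
        [ "$kind" = cert ] || { echo "FAIL $f: expected certificate, found $kind"; rc=1; }
    done
    kind=$(pem_kind "$2")
    case "$kind" in
        rsa-key)   ;;
        other-key) echo "FAIL $2: private key, but not an RSA PRIVATE KEY header"; rc=1 ;;
        *)         echo "FAIL $2: expected private key, found $kind"; rc=1 ;;
    esac
    for f in $1 "$2"; do
        [ -r "$f" ] || continue
        if grep -q "$CR" "$f"; then echo "WARN $f: CRLF line endings"; fi
        if [ "$(head -c 3 "$f")" = "$BOM" ]; then echo "WARN $f: UTF-8 BOM"; fi
    done
    [ "$rc" -eq 0 ]
)
```

Run it as `preflight '1server.crt,2inter.crt,3root.crt' 4private.key` before the install script; a certificate and key passed in each other's position is reported as a FAIL.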
