
Yellow Bricks

by Duncan Epping


Working with CA signed certificates in your vSphere environment?

Duncan Epping · Oct 30, 2012

Are you working with CA signed certificates in your vSphere environment? You might want to check out these recently published KB articles. They will definitely help you understand the whole process of installing and configuring them. (Thanks Simon for pointing these out!)

  • Configuring CA signed certificates for VMware vCenter Server 5.0.x
    http://kb.vmware.com/kb/2015421
  • Configuring certificates signed by a Certificate Authority (CA) for vCenter Server Appliance 5.1
    http://kb.vmware.com/kb/2036744
  • Configuring CA signed SSL certificates for vSphere Update Manager in vCenter 5.1
    http://kb.vmware.com/kb/2037581
  • Creating certificate requests and certificates for the vCenter 5.1 components
    http://kb.vmware.com/kb/2037432
  • Configuring CA signed SSL certificates for vCenter SSO in vCenter 5.1
    http://kb.vmware.com/kb/2035011
  • Configuring CA signed SSL certificates for the Web Client and Log Browser in vCenter 5.1
    http://kb.vmware.com/kb/2035010
  • Configuring CA signed SSL certificates for the Inventory service in vCenter 5.1
    http://kb.vmware.com/kb/2035009
  • Configuring OpenSSL for installation and configuration of CA signed certificates in the vSphere environment
    http://kb.vmware.com/kb/2015387
  • Configuring CA signed certificates for ESXi 5.x hosts
    http://kb.vmware.com/kb/2015499
  • Configuring CA signed certificates for vCenter 5.1
    http://kb.vmware.com/kb/2035005
  • Implementing CA signed SSL certificates with vSphere 5.0
    http://kb.vmware.com/kb/2015383
  • Implementing CA signed SSL certificates with vSphere 5.1
    http://kb.vmware.com/kb/2034833

Server 5.0, 5.1, certificates, security, vSphere

Comments

  1. Jamie says

    30 October, 2012 at 16:29

    The bottom four links seem to be broken.

    “We’re sorry, but this Document is not currently available. Try again in a few minutes.”

    • Duncan Epping says

      30 October, 2012 at 17:12

      thanks, fixed

  2. Joern Clausen says

    30 October, 2012 at 18:21

    Do certificates with a chain of CAs work by now? When I tried two years ago, this type of certificate caused several problems. The real show stopper was that deploying Windows templates was no longer possible. The administrator password given in the configuration wizard could not be decrypted(?) while configuring the OS on the new machine.

  3. SDP says

    30 October, 2012 at 18:31

    It’s a pity VMware didn’t already provide a single GUI utility to simplify the SSL process for their products.

    vCert Manager
    “In the meantime, Webster is building his own utility for SSL certificate management, called vCert Manager, which will allow completely automated management of SSL certificates in a vSphere environment.”

    http://itknowledgeexchange.techtarget.com/server-virtualization/vmware-issues-sso-patch-new-ssl-documentation/

  4. Derek Seaman says

    17 November, 2012 at 04:09

    I wrote a series of blog posts on how to configure vCenter 5.1 with trusted SSL certificates: http://derek858.blogspot.com/2012/09/vmware-vcenter-51-installation-part-1.html

  5. Benjamin says

    16 January, 2013 at 16:30

    What VMware provides in terms of a solution for SSL certs is a joke.
    It’s a pity we pay them so much money and they expect you to do 100+ steps to insert a certificate!!

  6. vk2hmc says

    11 March, 2013 at 16:21

    Nod, this is why Microsoft will eventually win the virtualisation war.
    Stupid things like if the View connection server is installed before the composer the database doesn’t get initialised. Seriously, VMware need to wake up now.
    Installing certificates is dangerous and liable to render the vCenter unusable with one wrong step.
    And most normal people can’t fix it.
    Most customers want the darn thing to work straight away with the minimum of fuss.

  7. Benjamin says

    11 March, 2013 at 16:46

    Hi Guys,

    I have found on one of the sites (don’t remember where) a script which would take your certificates and automatically install them into vCenter.
    I have tested this on the vCenter Linux appliance 5.1 (based on SUSE SLES) with a wildcard from GoDaddy (*.domain.com).
    Therefore I didn’t need to buy a separate certificate for each ‘component’ of vCenter; it all worked with the same one.

    here is the script:
    http://pastebin.com/MFKcuWYX

    some note:

    ##
    # THIS PART ADDED BY BENNY SHTARK
    #
    # IMPORTANT!
    # Create “A” record of IP of the server for the HOSTNAME first!
    #
    # 3 CERTIFICATE FILES WITH THIS SCRIPT SOMEWHERE ON VCENTER APPLIANCE
    # USE WINSCP APP FOR EASY COPY FROM WINDOWS TO LINUX
    # THEN RUN FOLLOWING:
    #
    # chmod +x chcert.sh
    # ./chcert.sh .example.com 'vmware' '1server.crt,2inter.crt,3root.crt' 4private.key .example.com
    #
    # of course, change replace with the server actual HOSTNAME

  8. Benjamin says

    11 March, 2013 at 16:49

    almost forgot,

    In the DISABLE SERVICES section, there are some services that are disabled by the script; you may want to keep them running.

    look for this line:
    if [ ${DISABLE_UNDESIRED_SERVICES} -eq 1 ]; then

    I think you want to comment this one:
    chkconfig vmware-inventoryservice off

    to leave VMware inventory working properly…

  9. Benjamin says

    11 March, 2013 at 16:53

    also,

    for the 4 certificates please see this:
    The '1server.crt,2inter.crt,3root.crt' certificate files must have this in their header:
    -----BEGIN CERTIFICATE-----

    while the 4private.key file must have this in its header (it’s another type of certificate file)
    -----BEGIN RSA PRIVATE KEY-----
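
A pre-flight check for the header requirement described in the comments above, as an added example that is not part of the original post, the comments, or the pastebin script. It uses the commenter's four file names; the function names are hypothetical, and the CRLF check is an added assumption about files copied over from Windows.

```shell
#!/bin/sh
# Added example: verify PEM headers before handing files to a cert-install script.
# Function names are hypothetical; file names are the ones used in the comment.

# pem_kind FILE: print the label of the first BEGIN line, e.g. "CERTIFICATE".
pem_kind() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_pem FILE LABEL: print "ok" or a reason; return non-zero on failure.
check_pem() {
    file=$1; want=$2
    [ -r "$file" ] || { echo "unreadable"; return 1; }
    # CRLF line endings, e.g. after a text-mode copy from Windows.
    if grep -q "$(printf '\r')" "$file"; then echo "crlf"; return 1; fi
    # The first non-blank line must be exactly the expected BEGIN marker.
    first=$(grep -v '^[[:space:]]*$' "$file" | head -n 1)
    if [ "$first" != "-----BEGIN $want-----" ]; then
        # Report what was found, e.g. "PRIVATE KEY" for a PKCS#8 key.
        echo "bad-header:$(pem_kind "$file")"; return 1
    fi
    grep -q "^-----END $want-----\$" "$file" || { echo "no-footer"; return 1; }
    echo "ok"
}

# check_cert_set DIR: check the four files; returns the number that failed.
check_cert_set() {
    dir=$1; fails=0
    for f in 1server.crt 2inter.crt 3root.crt; do
        r=$(check_pem "$dir/$f" "CERTIFICATE") || fails=$((fails + 1))
        echo "$f: $r"
    done
    r=$(check_pem "$dir/4private.key" "RSA PRIVATE KEY") || fails=$((fails + 1))
    echo "4private.key: $r"
    return "$fails"
}

# Stand-alone use: sh check_pem.sh /path/to/dir
if [ "$#" -gt 0 ]; then check_cert_set "$1"; fi
```

A `bad-header:PRIVATE KEY` result means the key is PEM but in PKCS#8 form rather than the `RSA PRIVATE KEY` form the comment calls for; an empty label after `bad-header:` means the file is not PEM text at all.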
