In order to replace our VMware SSL certificates, we need to create a web certificate template that we can then reuse to deploy all of the individual service certificates like vCenter, SSO, Update Manager, vCenter Orchestrator, etc. This certificate will be issued on the vCenter Server and requested in a later process.
In part one of this series, we installed a certificate authority.
In part two of this series, we deployed client authentication certificates to all our workstations and servers.
Create VMware SSL Certificate
To start, we need to go back to our Certificate Authority server, open the Certificate Authority MMC and right-click the Certificate Templates folder. From here we can click Manage and we’ll be presented with our list of Certificate Templates.
Find the Web Server Template. Right-click it and choose Duplicate Template. (It is possible to modify the Web Server Certificate Template itself, but I find that it is a better practice to make a duplicate of it and then modify the copy.)
Open up the newly created copy of the Web Server Certificate Template. Give it a descriptive name like “VMware-SSL” as that’s what we’re going to use it for.
Go to the “Extensions” tab and edit the “Key Usage” extension. Check the “Signature is proof of origin (nonrepudiation)” box as well as the “Allow encryption of user data” box.
Now edit the “Application Policies” extension and add “Client Authentication” to the list of policies.
Now we can deploy the certificate template we just created. Right-click “Certificate Templates” in the MMC and this time select New -> Certificate Template to Issue. Select the SSL certificate template you just created (VMware-SSL in our case).
We should now have our Certificate Authority, Root Certificates, and Web Certificate Templates all ready to go. Our next step is to start requesting certificates from the Authority to be deployed to our web services, which I’ve outlined in the following post.
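Once certificates are issued, a check like the following confirms that they carry the Key Usage and Application Policies set on the template rather than those of the unmodified Web Server template. This is an added example, not part of the original post; the function name, the sample subject, and the assumption that the duplicated template kept the Web Server defaults (Digital Signature, Key Encipherment, Server Authentication) are mine, and it needs PowerShell 7 or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-VMwareSslCertificate {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)

    # Key Usage expected from the edited template. Assumption: the duplicated
    # Web Server template kept its default Digital Signature + Key Encipherment.
    $wantFlags = 'DigitalSignature', 'NonRepudiation', 'KeyEncipherment', 'DataEncipherment'
    # Application Policies: Server Authentication (default) + Client Authentication (added).
    $wantEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'

    $ku  = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $haveEku = @(if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } })

    $missing = @()
    foreach ($flag in $wantFlags) {
        if (-not $ku -or -not $ku.KeyUsages.HasFlag([X509KeyUsageFlags]$flag)) {
            $missing += "KeyUsage:$flag"
        }
    }
    foreach ($oid in $wantEku) {
        if ($haveEku -notcontains $oid) { $missing += "EKU:$oid" }
    }

    [pscustomobject]@{
        Subject   = $Certificate.Subject
        Compliant = ($missing.Count -eq 0)
        Missing   = $missing
    }
}

# Constructed sample: an in-memory self-signed certificate that mimics one issued
# from the unmodified Web Server template (hypothetical subject, no store access).
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=vcenter.example.test', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add(
    [X509KeyUsageExtension]::new([X509KeyUsageFlags]'DigitalSignature, KeyEncipherment', $true))
$oids = [OidCollection]::new()
[void]$oids.Add([Oid]::new('1.3.6.1.5.5.7.3.1'))
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

# The sample lacks the template's added settings, so the check lists them as missing.
Test-VMwareSslCertificate -Certificate $sample
```

To check a real certificate, load the exported .cer file with the X509Certificate2 constructor and pass it to the function in place of the sample.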
If you would like to know more, please check out the VMware KB article about setting up these certificates for use with VMware services.