Create VMware SSL Web Certificate

August 11, 2014 By Eric Shanks

In order to replace our VMware SSL certificates, we need to create a web certificate template that we can then reuse to deploy all of the individual service certificates like vCenter, SSO, Update Manager, vCenter Orchestrator, etc. This certificate will be issued on the vCenter Server and requested in a later process.

In part one of this series, we installed a certificate authority.

In part two of this series, we deployed client authentication certificates to all our workstations and servers.

Create VMware SSL Certificate

To start, we need to go back to our Certificate Authority server, open the Certificate Authority MMC and right-click the Certificate Templates folder. From here we can click Manage and we'll be presented with our list of certificate templates.

Find the Web Server template. Right-click it and choose Duplicate Template. (It is possible to modify the Web Server Certificate Template itself, but I find that it is a better practice to make a duplicate of it, and then modify the copy.)

Open up the newly created copy of the Web Server Certificate Template.  Give it a descriptive name like “VMware-SSL” as that’s what we’re going to use it for.

Go to the “Extensions” tab and edit the “Key Usage” extension. Check the “Signature is proof of origin (nonrepudiation)” box as well as the “Allow encryption of user data” box.

Now edit the “Application Policies” extension and add “Client Authentication” to the list of policies.

Click OK.

Now we can deploy the certificate template we just created. Right-click “Certificate Templates” in the MMC and this time select New > Certificate Template to Issue. Select the SSL certificate template you just created (VMware-SSL in our case).
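
Once a certificate has been issued from the new template, its extensions can be checked against the settings chosen above. The following is an added example, not part of the original post: `Get-MissingVMwareSslUsage` is a hypothetical function name, the sample certificate is constructed in memory, and the Digital Signature, Key Encipherment and Server Authentication entries are the stock Web Server template defaults that the duplicate inherits. It assumes PowerShell 7, or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
# Added example, not from the original post; Get-MissingVMwareSslUsage is a hypothetical name.
# Key usages: Web Server template defaults plus the two boxes ticked in the Key Usage extension.
$RequiredKeyUsage = 'DigitalSignature', 'KeyEncipherment', 'NonRepudiation', 'DataEncipherment'
# Application policies: Server Authentication (template default) plus Client Authentication (added).
$RequiredEku = @{ '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
                  '1.3.6.1.5.5.7.3.2' = 'Client Authentication' }

function Get-MissingVMwareSslUsage {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $ku  = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }  # Key Usage
    $eku = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }  # Enhanced Key Usage
    $present = @()
    if ($eku) { $present = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $missing = @()
    foreach ($name in $RequiredKeyUsage) {
        $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]$name
        # A certificate with no Key Usage extension at all fails every required bit.
        if (-not $ku -or -not $ku.KeyUsages.HasFlag($flag)) { $missing += "KeyUsage: $name" }
    }
    foreach ($oid in $RequiredEku.Keys) {
        if ($present -notcontains $oid) { $missing += "EKU: $($RequiredEku[$oid])" }
    }
    return $missing   # empty when the certificate matches the template settings
}

# Constructed input: an in-memory self-signed certificate shaped like the unmodified
# Web Server template, so the settings added in this post are the ones reported.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=vcenter.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$usage = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new($usage, $true))
$ekus = [System.Security.Cryptography.OidCollection]::new()
[void]$ekus.Add([System.Security.Cryptography.Oid]::new('1.3.6.1.5.5.7.3.1'))
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($ekus, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

Get-MissingVMwareSslUsage -Certificate $sample
```

To check a real certificate, pass an `X509Certificate2` object, for example one loaded from an exported .cer file, in place of `$sample`.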

Summary

We should now have our Certificate Authority, Root Certificates, and Web Certificate Templates all ready to go.  Our next step is to start requesting certificates from the Authority to be deployed to our web services which I’ve outlined in the following post.

If you would like to know more, please check out the VMware KB article about setting up these certificates for use with VMware services.