Ssl on The IT Hollow

VMware SSL Automation Tool - Error Generating pfx

Mon, 29 Dec 2014 16:13:20 +0000

During the process of setting up a new vCenter Server in my lab, I ran into an issue adding SSL Certificates to my vCenter services. I followed my own blog posts about how to do this so that I wouldn’t miss anything, but nevertheless ran into an error that took me quite a while to get fixed.

After creating all my certificate requests using the VMware SSL Automation Tool, I updated my SSO with my custom certificate without issue. The next step is to make sure the Inventory Service trusts the new SSO Certificate, which also went without a hitch.

Add SSL Certificate to VMware vCOps

Tue, 02 Sep 2014 13:15:42 +0000

In this day and age, almost all the programs we interact with are web pages. Many of the applications we deploy end up having a web front end and are configured with a default SSL Certificate. It’s much more secure to have your own trusted certificate and in previous posts I’ve gone over how to setup the Public Key Infrastructure (PKI) in a home lab, as well as deploying Web Certificate Templates for our applications.

Replacing VMware vCenter SSL Certificates

Mon, 18 Aug 2014 13:30:58 +0000

Congratulations, if you’ve made it this far, you’re almost done with the replacing of your VMware SSL Certificates! If you’ve followed the previous posts, you’ll know that this has been a long path to completing your goal. This post finishes installing those certificates on your vCenter server. If you missed a part please check out the previous posts to get caught up.

Create a Home Lab Certificate Authority Deploy Root Certificates via Autoenrollment Create VMware-SSL Web Certificate Template Create VMware Services Certificate Requests

Create VMware SSL Certificate Requests

Thu, 14 Aug 2014 13:20:47 +0000

I’ve seen quite a few VMware environments where when you login, you get that silly error message about a certificate not being trusted. This is something we can fix and more importantly be sure that the connections are trusted and encrypted.

Prerequisites

Trusted root certificates deployed to workstations - Instructions for Lab Environment
Web-Certificate Template Deployed - Instructions for Lab Environment
Certificate Authority Web Enrollment server - (If you followed the Lab Environment setup this should be on your CA already)
Download OpenSSL and install it. I used 1.01h as the version for my lab which worked fine on a Server 2012 R2 Server which is also my vCenter Server.
Download and install the vCenter Certificate Automation Tool from VMware. This is also found in the vCenter install media for vSphere 5.5.

I prefer to create my certificate requests right from the VMware vCenter Server, so I install both the SSL Automation Tool and OpenSSL directly on the vCenter Server. If you’re using the VMware vCenter Server Appliance you’ll need to do this someplace else and there are some additional steps not listed in this post. Please see this KB article for more info: vCSA SSL Certs

Create VMware SSL Web Certificate

Mon, 11 Aug 2014 13:05:30 +0000

In order to replace our VMware SSL Certifactes, we need to create a web certificate template that we can then reuse to deploy all of the individual service certificates like vCenter, SSO, Update Manager, vCenter Orchestrator, etc. This certificate will be issued on the vCenter Server and requested in a later process.

In part one of this series, we installed a certificate authority.

In part two of this series, we deployed client authentication certificates to all our workstations and servers.

Setup Home Lab SSL Root Certificates

Thu, 07 Aug 2014 13:52:44 +0000

Home Lab SSL Certificates aren’t exactly a high priority for most people, but they are something you might want to play with before you get into a production environment. In part one of this series, I went over installing an Enterprise Root CA just to get us up and running. Again, be aware that for a production environment you should use an Offline Root CA and a Subordinate CA, but we’re in a lab and don’t need the additional layer of security.