In a previous post, The Trouble with CA SSL Certificates and vCenter 5, I reported that there isn’t a supported way to change out the self-signed SSL certificates that vCenter Heartbeat uses to communicate between nodes. This is quite important in secure enterprise and government environments, and in public/private clouds that are trying to meet regulatory standards. I have some good news to report.
After raising this with VMware I was informed they were working on a supported solution and they have now developed a KB article that explains how to change the vCenter Heartbeat SSL Certs for CA signed SSL certs. For information on how to change out the SSL certs for vCenter Heartbeat refer to KB 2013041. I have not yet tested this procedure but when I do I will update this post and if necessary create a new post to explain the process further and give you a tested and verified process.
If you want a way to fully manage the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere environments.
This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com, by Michael Webster +. Copyright © 2012 – IT Solutions 2000 Ltd and Michael Webster +. All rights reserved. Not to be reproduced for commercial purposes without written permission.