Updating CA SSL Certificates in vSphere 5
Many of you will have read my articles regarding changing SSL certificates in vSphere 5 components for custom CA SSL certificates. My motivation for writing them was I felt there was little good information around that would actually help people with this process. It has also traditionally been very difficult and frustrating, not to mention error prone. The good news is that my work has not gone unnoticed with VMware and there is now work underway to improve the public KB’s and documentation that is available to assist customers. Here are some of the VMware KB’s that have been or will be updated. I’m also including links to all of my recent posts regarding SSL certificates, which I will keep updated as I add to it, so you have one index page to visit.
Long White Virtual Clouds Articles on CA SSL Certificates
If you want a way to fully manage the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere environments.
This list below contains links to all of the relevant articles I have posted regarding changing SSL certificates in vSphere 5 and related products. Each link will open in a new window. I have tested the processes outlined in these articles and verified them with customers. This work is being used to update the VMware KB articles.
If you have trouble following any of the above articles or you have a request with regard to changing SSL certificates in another VMware product please get in touch via the feedback form on the Author Page. As always your feedback and comments are greatly appreciated. There are still traps that might run into as PKI and SSL Cert generation is particularly complex. So do contact me if you are having a problem with any of the instructions. .
VMware KB Articles that have been or will be updated
In addition to the KB’s below a new general KB article with regard to changing SSL certificates in vSphere 5 will be published. This KB will bring together the relevant steps and will hopefully cover the full VMware Cloud Infrastructure Management (CIM) suite. As I become aware of new or updated articles I will include them here. So check back regularly to monitor progress.
Thanks to the great work of the VMware team for getting these articles created and updated.
VMware KB 2015387 - Configuring OpenSSL for installation and configuration of CA signed certificates in vSphere environments – Created based on my work
VMware KB 2015421 – Configuring CA Signed certificates for vCenter 5.0 – Created based on my work
VMware KB 2015499 – Configuring CA Signed certificates for ESXi 5.0 – Created based on my work
VMware KB 2009857 – Certificate warning is reported even after replacing vCenter Server 5.0 default SSL certificates with custom SSL certificates – Updated based on my work
VMware KB 1023011 – Replacing SSL certificates for VMware vCenter Update Manager by using the Update Manager Utility
VMware KB 2007824 – After upgrading to vCenter Server 5.0, the vCenter Service Stats and Hardware Status tab cannot be accessed
VMware KB 1013472 – vCenter Server Service Status plug-in cannot be enabled
Other CA SSL Certificate Resources for vSphere 5
Creating a Certificate with Multiple Hostnames – Greg Rowe
Import an OpenSSL CSR into a Windows CA – Christopher Bean
Replace SSL Certificates: Replace vCenter SSL Certificates - Rynardt Spies
This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com, by Michael Webster +. Copyright © 2012 – IT Solutions 2000 Ltd and Michael Webster +. All rights reserved. Not to be reproduced for commercial purposes without written permission.