13 Responses

  1. Updating CA SSL Certificates in vSphere 5 « Long White Virtual Clouds

    […] Updating SSL Certificate in vShield Manager Made Easy […]

  2. Mike
    Mike at |

    I was working on trying to do this process and when I tried to generate a CSR in vShield manager 5.0.1 using an FQDN it throws an error that the common name is not in a valid format. I am entering the fqdn for the vShield Manager VM as something like: server_name.sub_domain.company.com in the common name field. I was wondering if you or anyone else had seen this message? I've successfully been able to generate CSRs for other vSphere components so I like to hope I should know how to fill out the CSR fields but maybe I missed something.

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Hi Mike, I would recommend using the IP address in the common name field for vShield Manager 5.0.1. The FQDN should go into the SAN only.

      Reply
  3. swiftangelus
    swiftangelus at |

    Do you know if using CSRs generated by openssl etc work? Or is it mandatory to use the CSR generated by the vShield web page?

    Reply
  4. Nate
    Nate at |

    I am not successful adding the SAN attribute to the cert. I am trying to determine if this is a security issue of our PKI not allowing the SAN attribute to be added. I noticed this article, http://windowsitpro.com/security/q-how-can-i-enab… . Did anyone else run into this issue?

    Reply
    1. rjensen
      rjensen at |

      Nate,

      I had the same issue and it proved that i had to set that setting on my CA in the article you posted a link to. Apparently if the SAN value is part of the CSR its not an issue but when its supplied as "additional attributes" on the certsrv web-form SAN has to be allowed as per the article you reference.

      Reply
  5. Using the VMware SSL Certificate Automation Tool with a Microsoft Certificate Authority « DefinIT

    […] A great procedure for updating vShield Manager Appliance SSL is here: http://longwhiteclouds.com/2012/03/31/updating-ssl-certificate-in-vshield-manager-made-easy/ […]

  6. Gabrie van Zanten
    Gabrie van Zanten at |

    Was very helpful. Thank you!

    Reply
  7. Roman
    Roman at |

    Good afternoon. Is there a way to implement wildcard ssl to vShield Manager 5.5? Previous version does not have this feature.

    Reply
  8. Configuring CA signed certificates for vCloud Director | VirtualChronicles

    […] Michael Webster has already made a blog post on configuring CA signed certificates for vShield Manager which you can find here […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.