47 Responses

  1. Common Mistakes Implementing CA Signed SSL Certs in vSphere « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere environments. This will […]

  2. Updating SSL Certificate in vShield Manager Made Easy « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  3. vSphere 5 Security Hardening Guide – Public Draft « Long White Virtual Clouds

    […] William Lam at virtuallyGhetto has written a couple of very useful blogs on the topic of SSL Certificates that you may like to review. I hope that the recommendation to check expiry makes it into the final version of the hardening guide. If you want a way to fully manage the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. […]

  4. vSphere 5 Security Hardening Guide – Final Official Release « Long White Virtual Clouds

    […] I would like to draw your attention to the vCenter SSL Certificate recommendations in particular. Additional recommendations are made to check the validity of certificates and also to remove any expired or revoked certificates from your environment. These are very important administrative tasks that should be done if you are using custom SSL certs in place of the default self-signed certs. In my previous post I have linked to William Lam’s blogthat contains scripts to help you automate this task. If you want a way to fully manage the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. […]

  5. Updating CA SSL Certificates in vSphere 5 « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  6. vSphere Web Client SSL Cert not updated after vCenter SSL Cert Changed « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  7. Changing vCenter Heartbeat to CA SSL Certificates « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  8. Virtual Infrastructure Navigator breaks when vCenter SSL Cert Changed « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  9. vCenter Server Virtual Appliance – Changing SSL Certs Made Easy « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  10. Why change VMware default self-signed SSL certs? « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  11. Best Order for Changing SSL Certs in vSphere Environments « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. This will completely automate the SSL certificate process in vSphere […]

  12. The Trouble with CA SSL Certificates and vCenter 5 « Long White Virtual Clouds

    […] vCert Manager – Changing VMware SSL Certs Made Easy […]

  13. The Trouble with CA SSL Certificates and ESXi 5 « Long White Virtual Clouds

    […] vCert Manager – Changing VMware SSL Certs Made Easy […]

  14. Ronny
    Ronny at |

    this is really a great idea! I hope that this project will be integrated into vSphere sooner than later! Especially changing SSL certs for vCenter is really time consuming and painful as you have to copy the certs to five different directories, run some CLI commands, etc. btw: is it planned that SAN's (Subject Alternate Names) are also supported by vCert Manager (used by SRM)?

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Hi Ronny,

      Yes SAN's are supported and the intelligence is built into vCert Manager for the CSR's to request them. Some Pre req's exist on the CA's however that'll be in the docs. Cert Templates need to support them properly. For SRM the SAN will be FQDN, ShortName and IP. Common Name will be user defined.

      Reply
  15. vSphere 5.1 Generally Available – Important Upgrade Considerations « Long White Virtual Clouds

    […] the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. When released this aims to support vSphere 5.1 and will make the process as easy as clicking a […]

  16. Derek Seaman
    Derek Seaman at |

    I can't wait for this tool! SSL configuration with VMware products is extremely, extremely, highly frustrating! It's even worse in vSphere 5.1. The tool will negate the need for some of my blog posts, but I'll gladly trade that for not pulling out my hair when trying to properly configure certificates.

    The tool should also manage the SSL certificates needed for the SSO Service installer to establish a SSL connection to the back-end MS SQL server. The process of configuring the JDBC URL and keystore for trusted SSL is very tedious and not documented anywhere in VMware docs that I know of. I had to figure it out for myself.

    http://derek858.blogspot.com/2012/09/vmware-vcent

    Reply
  17. Mike J
    Mike J at |

    Great idea. I am in the process of creating a plan to update 200+ host with signed certifictes. This willy time consuming. This may adjust some of the design times. Hopefully this is out sooner than later. Good work.

    Reply
  18. Wasim Shaikh
    Wasim Shaikh at |

    This is going to be one of the best solution. I don't know why vmware didn't include such kind of certificate management as default when they introduced SSO, Inventory, vCenter, Web Client in 5.1. Its really painful to manage certificates. Hope to see this tool in market soon.

    Reply
  19. Wasim Shaikh
    Wasim Shaikh at |

    Thanks to Derek Seaman, he has put lots of efforts in documenting the procedure.

    Reply
  20. VMworld US 2012 and vSphere 5.1 Launch Roundup – My First VMworld « Long White Virtual Clouds

    […] SSL Management – vCert Manager: My demo of the vCert Manager prototype was very well received and everyone in the audience of the Automating Security and Compliance with DR session agreed it would greatly simplify the process of managing SSL Certificates in VMware environments. I have published the Demo online and written about it in article vCert Manager – Changing VMware SSL Certs Made Easy. […]

  21. Updating CA SSL Certificates in vSphere 5.1 « Long White Virtual Clouds

    […] contribution to the effort.  I will be making sure the process is automated for you as part of the vCert Manager project that I’m working on. My goal would be to automate both the Windows Installable and […]

  22. Peter Van Geem
    Peter Van Geem at |

    Really Super Great idea !! Looking forward to this solution!! Tnx Michael!

    Reply
  23. Nicolas Dassy
    Nicolas Dassy at |

    Good luck for this great project… You are right when you discuss about the pain to work with these certificates! I wish you much success

    Reply
  24. Paul Sheard
    Paul Sheard at |

    Awesome work Michael!

    Regards

    @pshearduk

    Reply
  25. vcpguy (@vcpguy)
    vcpguy (@vcpguy) at |

    Any idea, when this tool will be released ?

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      We're expecting vCert Manager to be generally available this quarter (Q1 2013). It will be in Beta shortly.

      Reply
  26. vcpguy (@vcpguy)
    vcpguy (@vcpguy) at |

    Thanks for the quick update. Can we still sign for the Beta ?

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      You sure can. Just complete the early adopter form that I've linked through to in the article and you'll be contacted as soon as the general beta is available.

      Reply
  27. brianjg
    brianjg at |

    I've tried access the program but got no response. Does anyone have a working download link or know if the program is still going?

    Reply
  28. » Automating vSphere SSL Cert Management – vCert Manager Beta Demo Long White Virtual Clouds

    […] wrote an article regarding a few months ago titled vCert Manager – Changing VMware SSL Certs Made Easy, which included a demo of a very early prototype that I presented at VMworld USA in August 2012. […]

  29. » My vmWorld Report Mike Laverick…
    » My vmWorld Report Mike Laverick… at |

    […] Suite. On this second point I was made away of the “vCert Manager” project over on LongWhiteClouds.com which I’ve signed up for the beta that’s been pilotted by Virtual Systems Solutions. […]

  30. vSoup Credibility Maish-up #30 | vSoup

    […] vCert Manager – Changing VMware SSL Certs Made Easy by Michael Webster […]

  31. Constey
    Constey at |

    Same for me. I filled the early adopter in Q4/2012 but got no response until now.

    There are no news for that?

    Reply
  32. brianjg
    brianjg at |

    VMware have released their own tool. I haven't used it but it might be worth a shot. http://kb.vmware.com/kb/2041600

    Reply
  33. Constey
    Constey at |

    Yep, i just wrote about it – and noticed that there was some kind of tool i was still waiting for :)

    Reply
  34. Mike Celone
    Mike Celone at |

    I found this post today while doing some research on changing certificates in vSphere 5.1. When will this toll be available? Can we still sign up for the early adopter program?

    Reply
  35. Andrew
    Andrew at |

    This would be perfect! We just implemented a new vSphere 5.1 environment with Heartbeat and to properly replace the certificates takes hours. I hope this is available in the next 2 years before these certificates expire.

    Reply
  36. Fajar
    Fajar at |

    Hi Michael,
    I want to change the bits from 2048 to 4096 but I wonder why I cannot edit the generate-certificate script because it's readonly, eventhough I have used x! to save it.
    I found the workarond by copying it first to /tmp, edit, and copy back to /sbin. But I'm just curious why cannot edit in /sbin.

    Reply

Leave a Reply