16 Responses

  1. Simon Mijolovic

    Thanks Michael! Let's get the word out!

  2. Rob

    Nice work – Shame on VMware for making certificate management such an arduous process though.

  3. Derek Seaman

    I wrote a 14 post blog series on installing vCenter 5.1 with trusted SSL certificates. I'm in the process of making minor tweaks for 5.1.0A. As I update each post I'm making note of any changes with 5.1.0A, or issues that have been resolved. Inventory service SSL replacement seems reliable now.


    1. @vcdxnz001

      Thanks Derek. That's a fantastic contribution. Will make sure I link through to it from this and my vSphere 5 SSL article also. I would suggest you align your articles with the information from the KB's as we have gone through and verified all the steps as working with all the components.

      1. Derek Seaman

        Yup, been pretty busy but will be tweaking the articles a little bit more. Thanks for the shout out!

  4. Updating CA SSL Certificates in vSphere 5.1 vCenter Virtual Appliance « Long White Virtual Clouds

    […] I wrote about Updating CA SSL Certificates in vSphere 5.1 which applied to the Windows installable version of the vCenter 5.1 and its supporting […]

  5. Updating CA SSL Certificates in vSphere 5 « Long White Virtual Clouds

    […] Updating CA SSL Certificates in vSphere 5.1 […]

  6. Technology Short Take #26 - blog.scottlowe.org - The weblog of an IT pro specializing in virtualization, storage, and servers

    […] Webster has a great write-up on replacing CA SSL certificates in vSphere 5.1. Thanks for all the effort pulling this together, […]

  7. VMware issues SSO patch, new SSL documentation - The Virtualization Room

    […] director of IT Solutions 2000 Ltd., a VMware consultancy based in Auckland, New Zealand, noted in a blog post that there’s still a ‘gotcha’ with SSL certificates in a certain […]

  8. vSphere 5.1 Generally Available – Important Upgrade Considerations « Long White Virtual Clouds

    […] into KB articles. We have tested the procedures. I would recommend that you use these articles – Updating CA SSL Certificates in vSphere 5.1 and Updating CA SSL Certificates in vSphere 5.1 vCenter Virtual Appliance. I expect VMware will […]

  9. Hugh

    Has anyone successfully upgraded to vSphere 5.1.0.b using SSO in HA mode with SSL certs and a VIP on a load balancer?

    I've engaged VMware technical support and not one person on their floor of technicians has done an upgrade to 5.1 using SSO in HA configuration with a load balancer and SSL certificates. VMware's documentation isn't great for the SSL part when using a load balancer with SSO in HA mode... It's OK if you do the single vCenter, SSO, Inv all-in-one install for small environments, but not if you want redundancy.

    I'd be interested if anyone in VMware support has successfully got this working?

  10. Hugh

    Hi Michael,

    We have considered it, but because we pay a lot for Enterprise edition licenses, VMware should provide proper documentation or make it simpler to upgrade to 5.1 and also prepare their technical staff to be able to support the more complex installs, such as the SSO servers in HA config with SSL certs. Many in the VMware community think VMware has really dropped the ball on this one.

  11. » VMware vCenter Certificate Automation Tool 1.0 vs vCert Manager Long White Virtual Clouds

    […] improve the manual process documented in the earlier KB’s slightly, which had 136 steps (See Updating CA SSL Certificates in vSphere 5.1) it’s not really what I’d call real automation of the process. It doesn’t […]

  12. Jonathan

    There were 4 points that I thought deserved clarification and used the feedback link as well as an SR to encourage on KB 2037432.

    1. They indicate that the DN must be unique via OU matching the component function. They do not, however, list what to do if you have multiple servers running the same function (i.e. multiple vCenters). In this case, would the different CN be enough, or does the OU need to be not only the function but also the vCenter environment?

    2. They do not have a warning that the real hostname FQDN must be last in the SAN list. http://virtuallyhyper.com/2012/08/srm-5-x-custom-

    3. In KB 2015499, they reference 2037432 but do not provide a suggestion on what a proper OU would be. This is also related to the first question.

    4. Is the name rui.csr/key/cer required or just conventional? When dealing with a large number of certs, it makes more sense to prefix the host shortname just to be certain you don't get your rui* mixed up accidentally.

