7 Responses

  1. andreacasini
    andreacasini at |

    I was looking at the doc about Refresh the Security Token Service (STS) Root Certificate but I really don’t understand the instructions… did you investigate the matter?

    I don’t even know if I need it, I used the vSphere Manager Certificate Manager Utility but I don’t see listed the original root ca so I believe I should refresh the STS Root Cert.

    Reply
  2. vSphere 6.0 Link-O-Rama » Welcome to vSphere-land!

    […] 6: VMware Certificate Authority (VMCA): Design Decisions (Ather Beg’s Useful Thoughts) vSphere 6: Using VMCA as a Subordinate CA (Long White Virtual Clouds) vSphere 6 Certificate Lifecycle Management (MyVirtuaLife.Net) VMware […]

  3. Lars Troen (@larstr)
    Lars Troen (@larstr) at |

    Michael,
    This kinda works, but not completely. You will get some problems later, atleast I did. Had to change the cert to a self signed again:

    C:\Program Files\VMware\vCenter Server\vmcad>certool.exe –selfca –config selfcert.cfg
    Using config file : selfcert.cfg
    Status : Success

    After doing this I was able to use VMware’s built in certificate-manager and I used the same certificate as I did with certool mentioned in this blog.

    I actually followed the steps for “Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates (Using VMCA as a subordinate CA)” as desribed in this blog posting:
    http://www.virtually-limitless.com/certificates/replacing-or-implementing-ssl-certificates-in-vsphere-6/

    Lars

    Reply
  4. Bas van den Dikkenberg
    Bas van den Dikkenberg at |

    Does it also sign the update services certificate or need to do this manual

    Reply
    1. Bas van den Dikkenberg
      Bas van den Dikkenberg at |

      If not how do generate a new cert for the update services ?

      Reply

Leave a Reply