Microsoft recently issued a security advisory and a patch that blocks any certificates with a key length less than 1024 bits. This has impacted a wide variety of systems including VMware Site Recovery Manager 5.0 and below. This article will provide you a way to quickly regenerate the self-signed SRM certificates.
Recently I wrote about Updating CA SSL Certificates in vSphere 5.1 which applied to the Windows installable version of the vCenter 5.1 and it’s supporting components including SSO. VMware has now also released the instructions to update the CA SSL certificates in the vSphere 5.1 vCenter Virtual Appliance.
Over the past few weeks I have been working behind the scenes with a team of people at VMware spread around the globe on the process to successfully change out the self-signed certificates in vSphere 5.1. With the introduction of Single Sign-On in vSphere 5.1 the process is somewhat more complicated than vSphere 5 (ok quite a lot more complicated). But now I’m able to bring you some of the solutions you’ve all been waiting for.
The twitter wires and blogosphere were ablaze with news out of VMworld US 2012 (August 27 – 30th). This was my first ever VMworld (with hopefully many more to come), and I greatly enjoyed it and I also enjoyed meeting many of you. My direct flight home to Auckland from San Francisco on Air New Zealand was the best flight I’ve ever had, and I got a full 8 hours sleep so I didn’t have any jetlag (Thanks Air New Zealand). But this article is all about my take on the event, what I learned, and vSphere 5.1. I’ve decided to do something slightly different to others, to take it all in, and then write this roundup post VMworld. I’m also going to target this towards the relevance to production and business critical applications environments. I’ll also give you some insight into the sessions I presented, the results and my lessons learned. Read more…
The vSphere 5 Security Guide has been officially released. There are a number of changes and enhancements and you should go through each to review the applicability to your environment and compare it to the vSphere 4.1 Hardening Guide. Since the public draft there have also been some significant changes that you should take time to review.
The vSphere 5 Security Guide has been released publicly in draft form for comment. There are a number of changes and enhancements and you should go through each to review the applicability to your environment. Here is one of the highlights of the new version from my perspective and links through to the documents. It’s hard work putting this hardening guide together so thanks to Charu, Ben, Grant and Kyle, and the rest of the VMware Team for all their hard work on this.
I was contacted recently by Maish Saidel-Keesing (@maishsk), who is a vExpert, fellow tweeter and top 50 virtualization blogger at technodrone.blogspot.com asking if I had updated the SSL Certs in vShield Manager at all. At this point I have updated quite a lot of certs for customers and in my lab but vShield wasn’t one of them and it was still firmly on my To Do list. He challenged me to see if I could get it working, so I set about updating my vShield Manager SSL Certs and helped Maish do the same in his environment. It wasn’t quite as hard as some of the other tools when it comes to changing SSL Certs, but it wasn’t entirely straight forward either. If you want to know how to do it the easy way, read on.
Changing SSL Certificates in vSphere environments can be difficult and error prone. But when I come across a problem where a customer is not able to successfully update their certs it’s generally down to one of four things. This article will provide you with the top 5 mistakes that are commonly made and how to avoid them.
During the process of working with customers changing their SSL default self-signed certs for CA signed SSL certs in their vSphere environments I found that the order they were changed made a difference. This was also the case when I ran through the same process in my lab environment. Here is the order that I found was the easiest when changing the SSL certs in the vSphere environments I’ve worked with.
Many of you will have read my articles regarding changing SSL certificates in vSphere 5 components for custom CA SSL certificates. My motivation for writing them was I felt there was little good information around that would actually help people with this process. It has also traditionally been very difficult and frustrating, not to mention error prone. The good news is that my work has not gone unnoticed with VMware and there is now work underway to improve the public KB’s and documentation that is available to assist customers. Here are some of the VMware KB’s that have been or will be updated. I’m also including links to all of my recent posts regarding SSL certificates, which I will keep updated as I add to it, so you have one index page to visit.