I hope someone may be able to help with a few issues I have with replacing the default SSL on a vCenter 5 u1 server.
I had one of my colleagues generate an SSL certificate using IIS7, we then processed the CSR with Thawte, and we purchased an SS123 cert from Thawte which is just a domain validation SSL.
We exported the SSL with the private key into a PFX format; I used OpenSSL to obtain the rui.key and rui.crt and copied them along with the rui.pfx to the necessary locations on the vCenter server. I followed all the steps documented http://pubs.vmware.com/vsphere-50/topic/com.vmware.vsphere.solutions.doc_50/GUID-37AAEDFE-EF2E-45FC-B0C6-44841E4FB302.html and other sites like WoodITwork.com
After completing all the steps, I browse the vCenter URL https://vc_url.com and I still get a certificate warning, I check the certificate from browser and can see the SSL has been installed but I get the error “This certificate cannot be verified up to a trusted certification authority”
I then login to vCenter via the vSphere client and gets a certificate warning, strange warning:
vc.voclients.local is actually the local domain FQDN of the vCenter. The error received is that its untrusted and it also states that The certificate received from “vc.voclients.local” was issued for “” which as you can see from that attachment is blank.
I used the online Thawte SSL Checker, the status stated invalid chain with the following error: “The intermediate CA certificates cannot be found for the following certificate chain.”
I have another concern and I’m not sure if this has ever been brought up before but the documentation states to use the password on the PFX file of “testpassword” now if one were to gain unauthorised access to a vCenter server they could steal the PFX and knowing the password.
Just as a side note I successfully got the SSL to work a few years ago on vCenter 2.5 using the same method, I really wish VMware provided a tool to perform such SSL tasks, it has become very complicated now with having to change 3 or 4 different places. I have attached some images of the errors which may shed some light on the issue.
Any suggestions are welcomed