kaithor84
Contributor

Generating Certificate Request for ESXi 4.1

I've been looking through VMware documentation, KB articles, and OpenSSL websites to find a good reference for generating certificate requests for an ESXi 4.1 host so that I can get a CA-signed certificate. I have not been able to find clear instructions. The ESXi Configuration Guide for ESXi 4.1/vCenter Server 4.1 doesn't have instructions for using the openssl command. KB1029944 has decent instructions, but for vCenter Server, and some options seem to not match up or are missing (it doesn't show how to generate a 2048-bit key).

What I ended up doing was executing the command 'openssl genrsa 2048 > rui.key', which created the rui.key file; I believe this is the private key. I then went on to execute the next command (which I believe is the certificate request), 'openssl req -new -x509 -nodes -newkey rsa:2048 -key rui.key -out rui.csr'. This command returned an error, "unable to load config from /etc/pki/tls/openssl.cnf", a file which is non-existent.

Am I going about this the right way? Am I supposed to build this configuration file? I was about to find out how to do so but wanted to make sure it is the right way to go in creating a certificate request in order to get a CA-signed certificate.

0 Kudos
3 Replies
jimraina
Enthusiast

Hi kaithor84,

Have you followed the link below? If not, please follow it. If you still need more information, please get back to us. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100870...

"You are stronger than you think"
0 Kudos
farkasharry
Hot Shot

It is looking for a Linux config file. To fix it, look at this post here:
http://www.wooditwork.com/2011/11/30/vsphere-5-certificates-3-replacing-the-default-vcenter-5-server... 

*** If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful! *** vExpert 2019, VCAP-DCA,VCP,MCSE,MCITS and some more...
0 Kudos
kaithor84
Contributor

It looks like the "missing piece", or at least the part that I was confused about, is that you're supposed to generate the SSL certificate requests from a Windows box (I'm sure there's a way to do it from ESX/ESXi, but Windows worked for me). I installed OpenSSL on a Windows computer, performed the 'openssl genrsa 2048 > rui.key' command from the OpenSSL directory to create rui.key, then 'openssl req -new -key rui.key > rui.csr'. I did still get an error at one point saying that openssl.cfg cannot be found, but I just added '-config openssl.cfg' to the end of the command. I submitted my request to the CA; once it was received, I copied the Base 64 encoded certificate into Notepad, naming it rui.crt, then copied rui.key and rui.crt into the /etc/vmware/ssl directory on my ESXi server. Everything's good now.

0 Kudos
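The key and request steps described in the last post, as an added example that is not part of the original thread and is not VMware's own procedure. It supplies its own minimal config through `-config` so no system-wide openssl.cnf is needed, and adds a check that a returned certificate matches rui.key before the pair is copied to the host. The hostname, subject fields and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example. HOST and the subject fields are constructed placeholders.
HOST="esxi01.example.internal"

# Minimal request config, so openssl does not need a system-wide openssl.cnf.
write_config() {
    cat > "$1" <<EOF
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
C = US
O = Example Org
CN = $HOST
EOF
}

# Create rui.key (2048-bit RSA) and rui.csr in directory $1.
# Note: no -x509 here; that flag makes "req" emit a self-signed certificate
# instead of a request.
make_key_and_csr() {
    ( umask 077; openssl genrsa -out "$1/rui.key" 2048 2>/dev/null ) || return 1
    write_config "$1/req.cnf"
    openssl req -new -key "$1/rui.key" -config "$1/req.cnf" -out "$1/rui.csr"
}

# True if $1 is a PEM certificate request whose self-signature verifies.
csr_is_request() {
    grep -q "BEGIN CERTIFICATE REQUEST" "$1" &&
        openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# SHA-256 of the public key inside a key, csr or crt file ($1 = type, $2 = file).
pubkey_fp() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

# True if certificate $2 was issued for private key $1.
cert_matches_key() {
    [ -n "$(pubkey_fp key "$1")" ] &&
        [ "$(pubkey_fp key "$1")" = "$(pubkey_fp crt "$2")" ]
}

# Usage: sh this_script demo  (writes into a fresh temporary directory)
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_key_and_csr "$d" && csr_is_request "$d/rui.csr" &&
        echo "CSR ready: $d/rui.csr"
fi
```

The private key is written under `umask 077` so it is not world-readable; only rui.csr goes to the CA.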