VMware Cloud Community
GregUK
Enthusiast

VUM 6.0, replacing SSL certs

Hi,

VCSA Appliance (6.0) External PSC

VCSA Appliance (6.0) vCenter

VUM 6.0 (1 x Windows 2012 R2 running SQL 2014 and 1 x Windows 2012 R2 with VUM installed)

OpenSSL Root and Subordinate CA

I've replaced the SSL certs for the PSC with no issues; the VC and hosts are all looking good :-)

In order to replace the SSL certs for VUM I've followed KB 1023011 and replaced the self-signed certs with certs signed by an OpenSSL Subordinate CA. When I open the VI client and enable the VUM plugin I get a certificate error. If I open the PFX and import it into my personal cert store, the full chain, subordinate and root, is there and all are trusted. If I browse via https to another server where I've replaced the SSL cert with one that has been signed by the same CA, the browser doesn't moan.

Questions:

1. Does the error indicate that my PC doesn't trust the cert or that the vCenter doesn't support the cert?

2. If it's likely to be that the vCenter isn't trusting the cert, how do I install the Root CA certificate into the keystore on the vCenter? The PSC already has it and is trusting it, otherwise it would not be handing nicely signed certs to the ESXi hosts.

3. The cert that has been issued for VUM has the DNS name of the VUM server in the SAN part of the cert but not in the "issued to". Is that likely to be a problem?

4. The CSR that was generated for VUM was not generated from the VUM server, instead it was done from the workstation where he has OpenSSL installed. Is that likely to be an issue?

As a side note KB 1023011 has no mention of being the right process for 5.5, let alone 6.0!

Many thanks,

Gerg


Accepted Solutions
GregUK
Enthusiast

Hi,

I've managed to resolve this by adding the intermediate CA certificate onto the end of the rui.crt.

Cheers,

Gerg

0 Kudos
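
Why appending the intermediate resolves the error, as an added example that is not part of the original post or of the KB procedure: a client that trusts only the root cannot build a path from a leaf-only `rui.crt`, but can once the subordinate CA certificate follows the leaf in the same file. The PKI below is constructed for the demo; every file name except `rui.crt`, the subject names and the host name `vum.example.test` are assumptions.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: root CA -> subordinate CA -> server cert (all names made up).
set -e

make_demo_pki() {   # $1 = working directory
  local d=$1 n
  mkdir -p "$d"
  cat > "$d/ext.cnf" <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:vum.example.test
EOF
  for n in root sub leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -subj "/CN=Demo $n" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ext.cnf" -extensions ca -out "$d/root.crt" 2>/dev/null
  openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ext.cnf" -extensions ca -out "$d/sub.crt" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" \
    -set_serial 3 -days 2 -extfile "$d/ext.cnf" -extensions leaf -out "$d/leaf.crt" 2>/dev/null
}

# Succeeds only if the FIRST cert in $1 chains to the root in $2, using the
# certs in $1 as untrusted intermediates (i.e. only what the server presents).
chain_ok() {   # $1 = server cert file, $2 = trusted root
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# The fix from the thread: leaf first, intermediate appended after it.
append_intermediate() {   # $1 = leaf cert, $2 = intermediate cert, $3 = output
  cat "$1" "$2" > "$3"
}

demo=$(mktemp -d)
make_demo_pki "$demo"
chain_ok "$demo/leaf.crt" "$demo/root.crt" \
  && echo "leaf only: chain OK" || echo "leaf only: issuer not found"
append_intermediate "$demo/leaf.crt" "$demo/sub.crt" "$demo/rui.crt"
chain_ok "$demo/rui.crt" "$demo/root.crt" \
  && echo "leaf + intermediate: chain OK" || echo "leaf + intermediate: still broken"
```

Run `chain_ok` against a candidate `rui.crt` and the root CA certificate before installing it; the order in the file matters, since only the first certificate is treated as the server certificate.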