In this post we will take a look into a workflow that can help the automation of certificate generation. Certificates that are generated from the vCO/vRO workflow are standard certificates that can be used with VMware Products or for any other purpose or software. Here are some of the files that can be produced by the workflows
– openssl.cfg – OpenSSL config file
– rui.crt – CRT Certificate
– rui.csr – Certificate Signing Request.
– rui.key – Private-key of a specific certificate (PEM formatted)
– rui.p12 – PKCS12 Package containing CRT and Private key.
– rui.p7b – PKCS7 Package containing CRT
– rui.pem – PEM Certificate with Private-key
- rui-orig.key – Private-key of a specific certificate
Most of the certificate aspects and properties, like Subject alternative Names (SAN) are customizable during execution.
We will take a look into few of the many possibilities the workflows in this package provide:
Use Case 1: Create certificate request file - In the first use case we will use the workflows in the package to create certificate request (.CSR) file. This file can then be used by administrators to generate a certificate form the internal company certificate authority or send to external public certificate authorities who will generate the certificate instead.
Use Case 2: Convert existing certificate to PEM – In the second use case we will use the workflows in the package to convert an existing certificate into .PEM certificate. Let’s say that you have received a certificate you must use on your VMware Appliance. IN order to use this certificate you must convert it to .PEM format to be used by the appliance. It can be a .cer certificate or a PKCS12 (P12) or PKCS7 (P7B) certificate package containing the certificate.
Use Case 3: Using the “Generate Certificate: WF to automate the end-to-end process – In the third use case we will use a workflow to automate the end-to-end certificate generation process. From the creation of OpenSSL configuration file, creating a certificate request file, submitting this to a certificate authority, receiving the generated certificate, converting it to linux usable PEM format and finally exporting it to certificate package.
Best Regards,
Spas Kaloferov
