Petersaints
Enthusiast

Custom certificates


Hello all,

Need some help with custom certificates. I have an IaaS infrastructure on vSphere 6.7, deployed for a customer. The customer has access to vCenter to perform simple operations, like opening the VM console.

IaaS and the customer are on different Active Directory domains.

E.g.: The domain name of the VMware infrastructure is private.cloud and the domain name where the customer belongs is client.org.

On the private.cloud domain, I don't have a certificate authority server, but one exists on the customer domain.

My questions are, for a hybrid mode:

1 - Can I send the requested certificate generated on VCSA to the customer and he generates the certificate on the CA, or must the certificate be generated on the domain where the vCenter belongs?

2 - On the CA, when downloading the certificate, how do I know if I only need to download the certificate, or also have to download the certificate chain?

Many thanks.

Regards.


3 Replies
s_wieland
Enthusiast

Hello,

Your customer can sign the vCenter with his CA. There is no dependency on the same DNS domain. His clients will trust the CA and every certificate they sign.

For the import you should add the complete chain into the certificate. So the certificate should consist of the certificate itself, the root CA and all subordinate CAs.

Petersaints
Enthusiast

Hello @s_wieland ,

You mean that after I export the certificate chain, I have to copy the content of the certificates to a new root.cer file and then this content to the bottom of the machine.cer file, like this video https://www.youtube.com/watch?v=KdQwyMDEJ_8 (from minute 4:45)?

Many thanks.

Regards.

s_wieland
Enthusiast

Hi @Petersaints ,

Yes, exactly. The video shows all required steps including the merge of the certificate and the chain. The file must have the newly generated certificate first, the subordinate CA as second and the root CA as last entry.
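
The entry order described in the answer above can be checked on the merged file before it is imported. This script is an added example, not part of the original thread: it assumes Base64 (PEM) encoded files, the function names are hypothetical, and it compares issuer and subject names only (signatures are not verified).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): verify the entry order of a PEM bundle.
# Function names are hypothetical; only issuer/subject names are compared.

# Split bundle $1 into $2/cert-01.pem, cert-02.pem, ... and print the entry count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1"
}

# Print one distinguished name of a certificate: cert_name FILE subject|issuer
cert_name() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Return 0 when each entry is issued by the entry after it and the last entry
# is self-signed, i.e. certificate, subordinate CA(s), root CA.
check_chain_order() {
    local bundle=$1 dir count i cur next rc=0
    dir=$(mktemp -d) || return 2
    count=$(split_bundle "$bundle" "$dir")
    if [ "$count" -lt 2 ]; then
        echo "found $count entries; expected the certificate plus its CA chain"
        rc=1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        cur=$(printf '%s/cert-%02d.pem' "$dir" "$i")
        next=$cur                              # last entry must name itself as issuer
        if [ "$i" -lt "$count" ]; then
            next=$(printf '%s/cert-%02d.pem' "$dir" $((i + 1)))
        fi
        if [ "$(cert_name "$cur" issuer)" != "$(cert_name "$next" subject)" ]; then
            echo "entry $i: issuer does not match the subject of the expected next entry"
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}
```

Running `check_chain_order machine.cer` on the merged file returns 0 only when the entries appear as certificate, subordinate CA, root CA.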