Re: certificate on vsphere not in domain

flanker86 · ‎07-30-2019

Hi everybody,

It's possible to change certificate in vcenter not in AD domain without fqdn but only with ip?

MAny thanks

vijayrana968 · ‎07-30-2019

Use the default VMCA certificates. Managing Certificates with the vSphere Certificate Manager Utility

flanker86 · ‎07-30-2019

I've try to replace certificate, but i think, without ad join, there is some issue.

Can some one help me?

daphnissov · ‎07-30-2019

You need to provide much more specifics on your current situation and what you're asking.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

flanker86 · ‎07-30-2019

Ok, it's true 🙂

I have 2 subnet:

Subnet A with ip of physical machine

Subnet B with vm (Domain controller, dhcp, dns, certification authority....)

Subnet A and B do not communicate with each other.

The Vcenter have only local domain (vsphere.local) and ip, not FQDN configured on Vcenter and Esxi host.

I have Certification Authority on Subnet B (the vm's subnet).

The answer is: it's possible to use the Certification Authority to replace the certificate on vcenter, without any name and domain configured?

I think isn't possible because isn't joined on domain controller.

Thanks in advance

daphnissov · ‎07-30-2019

As long as you can generate the certificate with the IP in the common name field as well as SAN and transport that to the vCenter, you can replace the certificate. But you really should not have installed vCenter with an IP instead of an FQDN. It does not need to be joined to AD to replace a certificate.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

flanker86 · ‎07-30-2019

BEcause when i try to replace the certificate, return the error

error 20 at 0 depth lookup:unable to get local issuer certificate

I try to investigate with kb, but i can't resolve.

All

certificate on vsphere not in domain