flanker86
Contributor
Contributor

certificate on vsphere not in domain

Hi everybody,

It's possible to change certificate in vcenter not in AD domain without fqdn but only with ip?

MAny thanks

0 Kudos
6 Replies
vijayrana968
Virtuoso
Virtuoso

0 Kudos
flanker86
Contributor
Contributor

I've try to replace certificate, but i think, without ad join, there is some issue.

Can some one help me?

0 Kudos
daphnissov
Immortal
Immortal

You need to provide much more specifics on your current situation and what you're asking.

0 Kudos
flanker86
Contributor
Contributor

Ok, it's true 🙂

I have 2 subnet:

Subnet A with ip of physical machine

Subnet B with vm (Domain controller, dhcp, dns, certification authority....)

Subnet A and B do not communicate with each other.

The Vcenter have only local domain (vsphere.local) and ip, not FQDN configured on Vcenter and Esxi host.

I have Certification Authority on Subnet B (the vm's subnet).

The answer is: it's possible to use the Certification Authority to replace the certificate on vcenter, without any name and domain configured?

I think isn't possible because isn't joined on domain controller.

Thanks in advance

0 Kudos
daphnissov
Immortal
Immortal

As long as you can generate the certificate with the IP in the common name field as well as SAN and transport that to the vCenter, you can replace the certificate. But you really should not have installed vCenter with an IP instead of an FQDN. It does not need to be joined to AD to replace a certificate.

0 Kudos
flanker86
Contributor
Contributor

BEcause when i try to replace the certificate, return the error

error 20 at 0 depth lookup:unable to get local issuer certificate

I try to investigate with kb, but i can't resolve.

0 Kudos