vCenter

 View Only

  • 1.  Create new csr for vCenter ssl cert

    Posted Feb 21, 2020 08:24 PM

    I'm stuck in some kind of certificate netherworld.  I've run certificate manager to create a new key and csr per these instructions, choosing options 1 and 1.

    https://samsig.dk/getting-a-valid-certificate-on-your-vmware-vsphere-vcenter-6-7/

    When I use our certificate portal and pasted my csr into the certificate csr field, I got a message that the alternative email is invalid. The portal itself has a required email field, so I decided to go back through the cert setup and leave the email blank. The setup wants to use the existing certool.cfg or quit. I ran through it and tried to overwrite the email entry with a blank, but that didn't work. I tried to use the certool command to overwrite the email entry with a blank, but I get an error when I try to do that. I renamed the certool.cfg file in the config folder to .old, but the certificate manager still sees all of the previous info that I entered, including the email entry I want to ditch.

    Is there another certool.cfg file that I need to look for somewhere? Should I delete the one that I renamed? Any other options?

    Thanks.



  • 2.  RE: Create new csr for vCenter ssl cert

    Posted Feb 21, 2020 09:08 PM
      |   view attached

    Hi,

    You need to generate a new certificate with this procedure:

    Generate Certificate Signing Request for Machine SSL Certificate Using the vSphere Client (Custom Certificates)

    pag. 96 in the attached

    Generate CSR with vSphere Certificate Manager and Prepare Root Certificate (Intermediate CA)

    pag. 107 in the attached

    ARomeo



  • 3.  RE: Create new csr for vCenter ssl cert

    Posted Feb 21, 2020 09:55 PM

    Thanks. The "Generate CSR" task is requiring an email address. Also, even though the IP field says optional, the Next button does not respond unless I put in an IP. I went ahead and did all that to create the CSR, but my cert portal gave me the same error messages.

    I'll contact the certificate portal support and see what they say.



  • 4.  RE: Create new csr for vCenter ssl cert

    Posted Feb 21, 2020 10:07 PM

    Hi,

    yes, it seems like a good idea.

    if you then write how you solve it, it can be useful to other people. Thank you.

    ARomeo



  • 5.  RE: Create new csr for vCenter ssl cert
    Best Answer

    Posted Feb 25, 2020 02:33 PM

    It turns out that our certificate portal can only be used to create single domain certificates, and email addresses in the csr apparently imply multi domain certificate. One of the people in our campus software office had to create the request for me, so I was able to get my certificate.

    Thanks for the responses.



  • 6.  RE: Create new csr for vCenter ssl cert

    Posted Feb 25, 2020 02:38 PM

    Well!

    ARomeo