VMware Cloud Community
zantoro
Contributor
Contributor
‎03-09-2009 09:42 AM
Jump to solution

SSL Certificate

Hello,

I would like to install a valid certificate on our VirtualCenter Server (at the moment we have an expired, unrecognised certificate) in order to use the VMware Virtual Infrastructure Web Access.

I read this article: and it states that in order to change the certificate I have to stop every VM in every server (we have 14 blades with approx 80 machines running). Is this absolutely necessary?

All I want to do is to install a certificate exclusively for web interface access use, I don't want to change the certificate on the ESX machine too. Is that absolutely necessary?

Thanks,

Roberto.

Reply
0 Kudos
1 Solution

Accepted Solutions
IRIX201110141
Champion
Champion
‎03-10-2009 11:56 AM
Jump to solution

The following will happend when changing the SSL certs on the vCenter.

- The Service cant connect to the Database anymore because the password crypt isnt the same any more. To fix that you have to run "vxpd -p" on the command shell

- IIRC a similar problem exits with if you use customizing templates

There are no effects with the ESX. If your SSL Cert is based on a self create RootCA you have to import this into your Windows Cert Store (trusted RootCAs).

Regards

Joerg

"Remember if you found this or others answers helpful do not forget to award points by marking an answer as helpful or correct'

View solution in original post

Reply
0 Kudos
4 Replies
Texiwill
Leadership
Leadership
‎03-09-2009 12:01 PM
Jump to solution

Hello,

Moved to vCenter server forum.

All I want to do is to install a certificate exclusively for web interface access use, I don't want to change the certificate on the ESX machine too. Is that absolutely necessary?

Yes as they all use the same certificate.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Reply
0 Kudos
IRIX201110141
Champion
Champion
‎03-09-2009 12:29 PM
Jump to solution

No its not necessary. I used my own selfsigned certs on every vcenter/esx and i cant remember that i have shutdown a single VM. All these clusters starts with vmware default certs and i change them after the cluster/installation went into production.

Regards

Joerg

'Remember if you found this or others answers helpful do not forget to award points by marking an answer as helpful or correct'

Reply
0 Kudos
zantoro
Contributor
Contributor
‎03-09-2009 01:27 PM
Jump to solution

Texiwill, Altix,

first of all thanks for answering. What could happen if I replace the certificates in the c:\docu & sets\all users\application data\vmware\ssl of the "VMware Center" and not on the ESXs:

- would the ESX machines be affected (in any way)?

- Am I still gonna get the certificate error opening the web console with IE?

Thanks again,

Bye,

Roberto.

Reply
0 Kudos
IRIX201110141
Champion
Champion
‎03-10-2009 11:56 AM
Jump to solution

The following will happend when changing the SSL certs on the vCenter.

- The Service cant connect to the Database anymore because the password crypt isnt the same any more. To fix that you have to run "vxpd -p" on the command shell

- IIRC a similar problem exits with if you use customizing templates

There are no effects with the ESX. If your SSL Cert is based on a self create RootCA you have to import this into your Windows Cert Store (trusted RootCAs).

Regards

Joerg

"Remember if you found this or others answers helpful do not forget to award points by marking an answer as helpful or correct'

Reply
0 Kudos