VMware Cloud Community
vadonka
Enthusiast

VCSA 7 Web Client Custom Certificate

Hi Guys!

I was able to successfully migrate from 6.7 to 7.0. Everything is up and running.

Now I want to use my company-signed wildcard certificate for the web client to avoid SSL errors in the browser.

This is probably where I messed up 6.x badly, so can anyone help me out?

As I understand it, I need the solution user certificate, the fifth menu option in the console certificate manager. Right?

If I replace the machine cert, the whole system gets messed up, as I have already figured out. So this is a clean and fresh system, and everything is working. I really don't want to mess up this part again, but we need the signed cert.

Thanks!

daphnissov
Immortal

It doesn't support wildcard certificates. You need to use CN/SAN certificates instead.

vadonka
Enthusiast

This would be a problem. We only have the wildcard since it covers everything. Are you sure it's not going to work? It's the same PEM format as with the CN.

daphnissov
Immortal

Correct, wildcard certificates are not supported in vSphere as they have never been. 7.0 does not change that.
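
A pre-flight check for the point made in the answers above (no wildcard names; use a CN/SAN certificate), as an added example that is not part of the thread or of VMware's tooling. It assumes `openssl` 1.1.1 or later is on the PATH; the function names and the hostname `vcenter.example.com` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): flag wildcard names in a PEM certificate
# before trying to install it on vCenter. Hostnames used with it are constructed.

# Print the subject CN and every SAN dNSName, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null \
        | sed -n 's/^subject= *//p' | tr ',' '\n' | sed -n 's/^CN=//p'
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Return 0 when the cert has no wildcard name and lists the FQDN exactly,
# 1 when it fails either check, 2 when no names can be read from the file.
check_vcenter_cert() {
    local pem="$1" fqdn="$2" names rc=0
    names="$(cert_names "$pem")"
    if [ -z "$names" ]; then
        echo "ERROR: no CN or SAN names could be read from $pem"
        return 2
    fi
    if printf '%s\n' "$names" | grep -q '^\*'; then
        echo "FAIL: wildcard name present in CN or SAN"
        rc=1
    fi
    # Exact, case-insensitive match: a wildcard entry does not count as the FQDN.
    if ! printf '%s\n' "$names" | grep -qixF -- "$fqdn"; then
        echo "FAIL: $fqdn is not listed in CN or SAN"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $pem names $fqdn explicitly and has no wildcard"
    return "$rc"
}

# Build a throwaway self-signed certificate to try the check on (constructed input).
make_sample_cert() {   # $1 = output PEM, $2 = DNS name used for CN and SAN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout /dev/null \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" -out "$1" 2>/dev/null
}

# Usage: script.sh <cert.pem> <vcenter-fqdn>; with no arguments nothing runs.
if [ "$#" -eq 2 ]; then
    check_vcenter_cert "$1" "$2"
fi
```
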

vadonka
Enthusiast

VMware surely has an SSL fetish...

I can't even use a reverse proxy above the vCenter server. If I use a different hostname, vCenter rewrites it to its own. If I use the same hostname, it gives me an HTTP 400 error.

I exported the root CA and imported it into the browsers. This is the only way if we don't want to purchase an individual SSL just for the vCenter. I'd rather stay away from the whole SSL part and leave it untouched in vCenter. I guess I will have a problem when the self-signed cert expires 2 years from now XDD

What is bad is that I can't reach anybody in support. The local support line is dead, nobody answers it, and I opened a support ticket that has not been answered for a week. I know the coronavirus has rewritten almost everything, but this is not acceptable.

Anyway, it's solved now by importing the CA into the browsers. It's not a solution, it's a workaround, but it works. Enough for now.