VMware Cloud Community
janesb74
Contributor
Contributor

vCenter 4.0 u2 - Replacing the SSL certs in a MS clustered vCenter

I have a windows 2008 r2 cluster and vCenter 4.0u2 setup and running as a clustered resource.

I've been replacing the SSL certificates with self signed certs from our 2008 r2 CA.

I have generated and sucessfully (up to a point) replaced the SSL certs for both vCenter and Update manager so far, following the very handy blogs from Darek Seaman

http://derek858.blogspot.com/2009/11/vcenter-server-40-ssl-certificate.html

http://derek858.blogspot.com/2009/11/vcenter-update-manager-40-ssl.html


However, as these guides were not written for a MS Clustered environment I have found an issue that my knowledge of SSL certificates/vCenter does provide an answer for.

When I connect to my virtual server via the FQDN of the clustered service name (this is the FQDN I have created my replacement SSL certs for) I log in without warning.  But I get a warning from Update Manager or Service Status that "the certificate received from <FQDN of the node in my ms cluster currently running vCenter> was issued for <FQDN of the clustered service name>."

Of course I can understand that this message is correct, but in the setup on vCenter on an MS Cluster you have the same SSL certs on both nodes.  So as I don't believe I can have different SSL certs on each node of the cluster am I ever going to be able to achieve a MS Clustered vCenter without certificate warning?

Reply
0 Kudos
0 Replies