VMware Cloud Community
jmcclymont
Contributor

vSphere 5 web client SSL

Hi all,

We're currently replacing the self-signed SSL certificates used in our VMware products with trusted wildcard certificates. After replacing vCenter's SSL certificates we realized that the certificate for the vSphere Web Client did not change. How do I change this certificate?

Thank you!

6 Replies
hank-ger
Enthusiast

I think you have to change the WebServer SSL Certificate.

jmcclymont
Contributor

(Copied from private message)

K, that's what I did before on v4 and it worked, but for some reason my vCenter service won't fire after I replace the certs and reboot. When you make your .crt file, are you copying all the ---BEGIN CERTIFICATE--- ---END CERTIFICATE--- portions out to the one key file or just the first? With the GoDaddy and its intermediates I've got my crt file with three different certs listed in it. Was thinking maybe that's where I'm going wrong. I see you have INTERMEDIATE.CRT listed there as an output file so I'm guessing I did it wrong. Thanks for the info!

jmcclymont
Contributor

For the vCenter 5 server we just replaced the rui.crt, rui.key and rui.pfx in \Users\All Users\VMware\VMware VirtualCenter\SSL\ with our wildcard certificate and rebooted the machine. After the reboot every ESX host has to be reconnected to the VirtualCenter.

We used this to generate the PFX-File:

openssl pkcs12 -export -in CERTIFICATE.CRT -inkey PRIVATE.KEY -name rui -passout pass:YOURPASS -out rui.pfx -certfile INTERMEDIATE.CRT

Hope this helps


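The checks below are an added example, not part of any post in this thread and not VMware's procedure: they split a multi-certificate .crt into its first certificate and the rest, confirm the private key matches the certificate, and confirm that a PFX built with the pkcs12 command above holds both certificates. The CA, the name *.example.test, the password and all function names are constructed for the illustration, and treating the first certificate in the bundle as the server certificate is an assumption.

```shell
# Added example: checks before copying over rui.crt / rui.key / rui.pfx (all files constructed).

# Constructed sample: a throwaway CA, a wildcard leaf, and a two-cert bundle.
make_sample() {  # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$1/rui.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null &&
    cat "$1/leaf.crt" "$1/ca.crt" > "$1/bundle.crt"
}

# Number of PEM certificates in a file (a CA-supplied .crt may hold several).
cert_count() { grep -c 'BEGIN CERTIFICATE-' "$1"; }

# Write the first certificate of bundle $1 to $2 and the remaining ones to $3.
split_bundle() {
    awk -v first="$2" -v rest="$3" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > first }
        n > 1  { print > rest }' "$1"
}

# Succeed only if the certificate and the private key hold the same public key.
key_matches_cert() {  # $1 = certificate, $2 = private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# The thread's pkcs12 command: $1 cert, $2 key, $3 chain, $4 output, $5 password.
build_pfx() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -name rui \
        -passout "pass:$5" -out "$4" -certfile "$3"
}

# Count the certificates stored in a PFX; prints 0 if it cannot be opened.
pfx_cert_count() {  # $1 = pfx, $2 = password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE-'
}

demo() {
    d=$(mktemp -d) && make_sample "$d" || return 1
    split_bundle "$d/bundle.crt" "$d/rui.crt" "$d/intermediate.crt"
    key_matches_cert "$d/rui.crt" "$d/rui.key" || return 1
    build_pfx "$d/rui.crt" "$d/rui.key" "$d/intermediate.crt" "$d/rui.pfx" constructed-pass
    echo "certs in PFX: $(pfx_cert_count "$d/rui.pfx" constructed-pass)"; rm -rf "$d"
}
demo
```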
jmcclymont
Contributor

(Copied from private message)
Hey, noticed your post on vm communities about replacing the vSphere 5 self-signed cert. Just curious, did you follow the vSphere 4 guide for replacing your self-signed cert? I did this when we were on v4 but the cert made a mess of things when upgrading to v5. I'm a bit nervous to put our wildcard back on there but thought I'd check with you to see what guide you followed.

Thanks

  -scott

DimaIteco
Contributor

You have to change 3 files (rui.crt, rui.key, rui.pfx) in the directory C:\Program Files\VMware\Infrastructure\vSphere Web Client\DMServer\config\ssl for the vSphere Web Client.

For vCenter you have to change the files in the directory C:\ProgramData\VMware\VMware VirtualCenter\SSL, but I think you already did it. You can copy the same files into the path for the vSphere Web Client.

These directories are used when the OS is win2008r2. For other OSes the paths have some changes.

The process of generating a replacement certificate for vCenter Server is described in the document vsp_4_vcserver_certificates.pdf, which you can find on the VMware site.

watchmen
Contributor

Hello DimaIteco,

Does this also work for the Syslog Collector and the ESXi Dump Collector?

Greetings,

Claudio
