VMware Cloud Community
SeanWhitney
VMware Employee

PreStaging SSL Certificates in vSphere 5.x. The quickest, easiest, and least troublesome way to implement Custom certificates. - New Blog Post!

Hi Everyone,

I recently decided to start a blog and my first post is on prestaging SSL certificates in 5.x for Inventory Service, vCenter Server, Web Client and the Log Browser.

After endless troubleshooting sessions and implementing CA certificates in customer environments, I have decided to share what I feel is the easiest and most efficient way to implement custom certificates in vSphere 5.x.

The method I am writing about is called Pre-Staging, where you essentially take your CA certificates, place them in the correct service folder, and then install/reinstall the component. During installation, the installer recognizes pre-existing certificates, and the CA certificate that you staged will be used to install, register, and trust service(s) appropriately.

This will work for Inventory Service, vCenter Server Service, Web Client, and the Log Browser service. This does not work with SSO certificates, as they are overridden during install; you will have to use the automation tool to install SSO certificates first, which I will go over in this post as well.

http://www.virtually-limitless.com/certificates/prestaging-ssl-certificates-in-vsphere-5-x-the-quick...

Questions, comments, feedback welcome!

Sean

------------------------------------------------------------------------- Sean Whitney Sr. Systems Engineer, NSX Networking and Security Business Unit Check out my Blog @ www.virtually-limitless.com
2 Replies
crawfordm
Expert

Derek Seaman is the man when it comes to SSL certs. He created a great script to take care of it all. Here is his blog - http://www.derekseaman.com/2013/10/vsphere-5-5-install-pt-1-introduction.html

------------------------------------------------------------------ If you found this answer useful please consider the use of the Helpful or Correct buttons to award points. Thanks, Marc Crawford CCNA, MCSE, MCTS, A+, Net+, Sec +, VCA-WM, VCA-DCV, VCA-Cloud, VCA-NV, VCP-NV, VCP-DCV, VCP, VCAP5-DCA http://gplus.to/marccrawford http://blog.marccrawford.com @uber_tech_geek
SeanWhitney
VMware Employee

Very nice!

The one thing I can say that is useful in my blog is that if his script hits issues, or anyone runs into any problems with the automation tool, an uninstall, prestage, then reinstall always seems like a sure way to get the cert in place and trusted. I'll have to check out his script sometime.
