VMware Cloud Community
Eds89
Enthusiast

How to import internal ADCS wildcard certificate to standalone host

Hi,

I have a single ESXi free standalone host, and I would like to replace the self-signed cert with a wildcard cert generated by my internal ADCS CA.

Can anyone tell me in simple terms how to complete this?

Cheers

Eds

daphnissov
Immortal

vSphere doesn't support wildcard certs.

Eds89
Enthusiast

Ok understood. Kind of annoying but not the end of the world.

I have now created a FQDN cert request, but when importing the issued cert from ADCS, I get:

ERR_CERT_WEAK_SIGNATURE_ALGORITHM

I assume this is because it is SHA1? Is this something that ESXi controls when creating the cert request or is it an ADCS setting that would need to be changed?

Thanks

Eds

daphnissov
Immortal

You have signed the cert from your CA in SHA1, which won't work, nor is it even a good idea because of its strength.

CoryIT
Enthusiast

Sorry, I have just gone back over the guide I used to deploy my CA, and while the screenshot they included for the signing algorithm step said SHA1, they made a note that I missed to use 256 instead.

I will try to change my signing algorithm, and reissue my certificate.

Thanks

Eds89
Enthusiast

Yep, works fine after reissuing with SHA256.


Thanks

Eds

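A pre-import check for the two problems raised in this thread (a wildcard name and a SHA1 signature), as an added example that is not part of the original posts. It assumes the `openssl` CLI is available; the function names, exit codes and the sample host name are chosen for this example.

```shell
#!/bin/sh
# Added example: check a PEM certificate before importing it on the host.
# Exit codes (chosen for this example): 0 ok, 1 SHA-1 signature,
# 2 wildcard name, 3 file cannot be parsed.
check_cert() {
    cert="$1"
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2
        return 3
    }
    # First "Signature Algorithm" line, e.g. sha256WithRSAEncryption.
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$sigalg" in
        *[Ss][Hh][Aa]1*)
            echo "REJECT: signed with $sigalg; reissue from the CA with SHA256" >&2
            return 1 ;;
    esac
    # Wildcard in the subject CN or in any DNS subjectAltName entry.
    subject=$(printf '%s\n' "$text" | sed -n 's/^ *Subject: *//p' | head -n 1)
    if printf '%s\n' "$subject" | grep -Eq 'CN ?= ?\*\.' ||
       printf '%s\n' "$text" | grep -q 'DNS:\*\.'; then
        echo "REJECT: wildcard name; request a cert for the host FQDN" >&2
        return 2
    fi
    echo "OK: $sigalg, $subject"
    return 0
}

# Constructed sample input: a throwaway self-signed cert standing in for
# one issued by the internal CA. Arguments: common name, hash, output file.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -"$2" \
        -subj "/CN=$1" -keyout "$3.key" -out "$3" 2>/dev/null
}

# Usage: sh check_cert.sh issued-cert.pem
if [ $# -gt 0 ]; then check_cert "$1"; fi
```
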