Setup SSL Certificates For vSphere Lab-Part-1-Configuring CA Server

By | 23/10/2015

This week I was looking at setting up a CA server to generate SSL certificates for use in my vSphere home lab. Self-signed certificates usually work in a lab environment, but it's good to know how to work with signed certificates, because in production environments organizations don't use self-signed certificates and rely on SSL certificates bought from a third party such as Thawte or Verisign.

Having your own CA is useful for testing SSL and other services that require certificates without the need to purchase certificates from a third party.  However, these certificates will not be automatically trusted by computers external to your AD domain, so there are some limitations.

In this post I am going to share the steps needed to configure a Windows 2008 R2 Server as Certificate Authority.

Prerequisites

  • Active Directory Domain already set up and configured
  • Server 2008 installed and joined to domain

Let's begin with configuring Server 2008 as a CA server.

1: Launch Server Manager and click on Add Roles. From the list of roles available select “Active Directory Certificate Service” and hit Next.

2: Hit Next on Introduction to AD CS page.

3: Under Role Services select “Certification Authority” and hit Next.

4: Select “Enterprise” as setup type for your CA server and hit Next.

For an SSL deep dive I would recommend reading this article by Derek Seaman.

5: Under Specify CA type select “Root CA” and hit Next.

6: This is a new CA without existing keys, so select “Create a new private key” and hit Next.

7: Keep the default CSP, hashing method, and key length and hit Next.

8: Keep the default CA name and hit Next.

9: Keep the default validity period of 5 years and hit Next.

10: Don't change the default database location for certs unless you have specific requirements. Hit Next.

11: Click on Install button on Confirm Installation Selections page.

12: Wait for installation to finish.
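
Once the wizard finishes, it is worth confirming what the defaults accepted in steps 7 to 9 actually produced. The following PowerShell check is an added example, not part of the original walkthrough; it uses certutil.exe on the CA server, and the output file path is an assumption.

```powershell
# Added example: post-install check for the new root CA. Run elevated on the CA server.
$caCertPath = Join-Path $env:TEMP 'lab-root-ca.cer'   # hypothetical output path

# 1. The Certificate Services service (CertSvc) must be running and answering.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') { throw "CertSvc is $($svc.Status)." }
certutil -ping | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'certutil -ping failed: the CA is not reachable.' }

# 2. Hash algorithm the CA uses to sign the certificates it issues (step 7).
$hashReg = (certutil -getreg CA\CSP\CNGHashAlgorithm | Out-String)

# 3. Export the CA certificate and read back what the wizard produced.
certutil -f -ca.cert $caCertPath | Out-Null
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caCertPath

$report = New-Object PSObject -Property @{
    Subject            = $cert.Subject
    SelfSigned         = ($cert.Subject -eq $cert.Issuer)   # expected for a root CA (step 5)
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    KeySizeBits        = $cert.PublicKey.Key.KeySize        # key length from step 7
    NotBefore          = $cert.NotBefore
    NotAfter           = $cert.NotAfter                     # validity period from step 9
}
$report | Format-List

# 4. Flag settings that clients are likely to reject.
if ($hashReg -match 'REG_SZ\s*=\s*SHA1\b') {
    Write-Warning ('Issued certificates will be SHA-1 signed. To change: ' +
        'certutil -setreg CA\CSP\CNGHashAlgorithm SHA256, then restart CertSvc.')
}
if ($report.KeySizeBits -lt 2048) {
    Write-Warning "CA key is only $($report.KeySizeBits) bits."
}
if (-not $report.SelfSigned) {
    Write-Warning 'Subject and issuer differ: this is not a root CA certificate.'
}
```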

Installing Certification Authority Web Enrollment service

The Web Enrollment service is very useful for requesting certificates from computers that are not members of the AD domain.

Once the “Certificate Authority” role is installed completely, you can add the Certification Authority Web Enrollment service to it from the Server Manager page.

13: Click on Add Role Services.

14: Under Role Services select “Certification Authority Web Enrollment” and hit Next.

15: Click on Add Required Role Services button to add the IIS services.

16: On IIS page hit Next.

17: Keep the default selection and hit Next. If you have specific requirements you can add additional options by selecting the appropriate components check boxes.

18: Hit Next to start installing the services and components.

19: Hit Close once the components are installed.

With this, installation of the CA Server role is finished. In our next post we will see how to configure and use signed certificates.


About Alex Hunt

Hi All I am Manish Jha. I am currently working in OVH US as Operations Support Engineer (vCloud Air Operations). I have around 7 Years of IT experience and have exposure on VMware vSphere, vCloud Director,vSphere Replication, vRealize Automation, NSX and RHEL.
