Lesson Learnt While Working With SSL Certificates

For the last 2 days I have been working on using signed certificates for my vSphere lab, and I was determined to replace my self-signed certificate with a signed certificate generated by my CA server.

I have written a blog post on how to set up a CA server, how to generate signed certificates and how to replace them. If you have missed the earlier posts of this series, you can read them from the links below:

1: Installing and Configuring CA Server

2: Creating Certificate Templates

3: Creating SSL Web Certificates Template for VMware

4: Replacing vSphere SSL Certificates

I must say this journey of learning to use signed SSL certificates was not easy for me, and I did make a few mistakes before setting everything up right. But I guess it was for my own good that I made these mistakes, because then I had to do a lot of troubleshooting to set things up correctly, and I learned quite a few things while doing so.…

Setup SSL Certificate For vSphere Lab-Part-5-Creating and Replacing vRealize SSL Certificates

In the last post of this series we learnt how to replace SSL certificates for different vSphere components like SSO, Inventory Service, vCenter Server and Web-Client. In this post I am going one step further and will demonstrate how to replace vRealize SSL certificates.

If you have missed the earlier posts of this series, I would recommend reading them first from the links below:

1: Installing and Configuring CA Server

2: Creating Certificate Templates

3: Creating SSL Web Certificates Template for VMware

Prerequisites

The following prerequisites must be met before jumping into action:

1: Microsoft Enterprise CA server deployed along with IIS installed.
2: Web-Certificate Template created for vSphere components.
3: Download and install Win32 OpenSSL.

I have downloaded and installed the Win32 OpenSSL software on the same server where my vCenter Server is installed, and I have added the path up to the bin directory to my environment variables so that I can run the openssl command from anywhere.…

Setup SSL Certificate For vSphere Lab-Part-4-Creating and Replacing vSphere SSL Certificates

You will have observed that whenever you connect to vCenter Server using the vSphere Client or via the Web-Client, you receive a warning that the certificate presented is not trusted and blah blah blah.

For lab environments or small environments self-signed certificates work just fine, but knowing how to use signed certificates is invaluable.

In this post we are going to cover how to create SSL certificate requests and how to replace the certificates. If you have missed the earlier posts of this series, I would recommend reading them first from the links below:

1: Installing and Configuring CA Server

2: Creating Certificate Templates

3: Creating SSL Web Certificates Template for VMware

Prerequisites

There are certain prerequisites that must be met before creating and replacing the SSL certificates. These are listed below:

1: Microsoft Enterprise CA server deployed along with IIS installed.
2: Web-Certificate Template created for vSphere components.
3: Download and install the vCenter Certificate Automation Tool from VMware.…

Setup SSL Certificate For vSphere Lab-Part-3-Creating SSL Web Certificates Template for VMware

In this post we are going to cover creating the SSL Web Certificate template for VMware. If you have missed the earlier posts of this series, I would recommend reading them first from the links below:

1: Installing and Configuring CA Server

2: Creating Certificate Templates

Let's begin with creating SSL Web certificates for VMware.

1: Launch the Certificate Authority MMC and navigate to the Certificate Templates folder. Right-click the folder and select Manage.

2: From the displayed list of templates, right-click the Web Server template and select Duplicate Template.

3: Select the Server 2008 Enterprise option. You can also choose the Server 2003 option if you are looking for backward compatibility. Hit OK.

4: Provide a new name for this template. Modify the validity period and renewal period if you want a longer period of time and don’t want to go with the default. Hit Apply and then OK.…

Setup SSL Certificates For vSphere Lab-Part-2-Creating Certificate templates

In our last post, Setup SSL Certificate Authority For vSphere Lab, we saw how to add the CA Server role to a Windows Server 2008 machine. In this post we will see how to generate certificates.

1: Launch the Certificate Authority console from Administrative Tools.

2: Right-click on Certificate Template and click Manage.

3: Right-click the Windows Authentication Template and select Duplicate Template.

4: Select Windows Server 2008 Enterprise and hit OK.

5: Give the new certificate template a name. We also need to change some of the properties of the new template.

I have changed the validity period to 5 years and selected the Publish certificate in AD and Do not automatically reenroll options.

6: Go to the Security tab and change the “Domain Computers” permissions to Read and Autoenroll.

7: Go to the Extensions tab and change the Application Policies to include both Client and Server Authentication.…

Setup SSL Certificates For vSphere Lab-Part-1-Configuring CA Server

This week I was looking into setting up a CA server for generating SSL certificates which can be used in my vSphere home lab. Using self-signed certificates usually works in a lab environment, but it's good to know how to work with signed certificates, as in production environments organizations don’t use self-signed certificates and rely on SSL certificates bought from a 3rd party like Thawte or Verisign.

Having your own CA is useful for testing SSL and other services that require certificates without the need to purchase certificates from a third party. However, these certificates will not be automatically trusted by computers external to your AD domain, so there are some limitations.

In this post I am going to share the steps needed to configure a Windows 2008 R2 Server as a Certificate Authority.

Prerequisites

  • Active Directory Domain already setup and configured
  • Server 2008 installed and joined to domain

Let's begin with configuring Server 2008 as a CA server.…