I've been banging my head with this all day - I admit defeat :(
I understand that, not to error, I need to trust the root CA and then that the common name of the certificate on the VCenter needs to match its URL. I need to know how to do this with OpenSSL on the Virtual Center Server itself (NOT with Windows Certificate Services).
I've read
http://www.vmware.com/pdf/vi_vcserver_certificates.pdf and a thousand other blogs, help files and websites and still cannot make it work. I'm either thick, or missing something blatantly obvious.
What I've done:
Install OpenSSL
In /bin folder create a folder called newcerts
Copy the index.txt and serial files from \bin\pem\democa to \bin
Open openssl.cnf with notepad
Change settings to
[ CA_default ]
dir = . # Where everything is kept
private_key = $dir/rui.key # The private key
certificate = $dir/myroot.crt # The CA certificate
1. Open a command prompt
cd c:\openssl\bin\
2. Create a Local Root CA
openssl req -new -x509 -extensions v3_ca -keyout rui.key -out myroot.crt -days 3650 -config openssl.cnf
Enter passphrase
Answer Questions
Set common name to FQDN
3. Create a request file for the Virtual Center Server to get a Web Certificate from your Root CA
openssl req -new -nodes -out rui.csr -config openssl.cnf
4. Process the request file and generate a certificate
openssl ca -out rui.crt -config openssl.cnf -infiles rui.csr
5. Now create a .pfx file.
openssl pkcs12 -export -in rui.crt -inkey rui.key -out rui.pfx
Error:
C:\OpenSSL\bin>openssl pkcs12 -export -in rui.crt -inkey rui.key -out rui.pfx
Loading 'screen' into random state - done
Enter pass phrase for rui.key:
No certificate matches private key
I'm getting that the key and the cert don't match, but I've only got one key?
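The key flow of steps 2 to 4 above, recreated with throwaway files as an added example that is not part of the original post: `openssl req -new` without a `-key` option generates a new key pair, so the certificate issued from rui.csr pairs with that second key and not with the CA key in rui.key. Assumptions: the second key is written to privkey.pem (the `default_keyfile` in a stock openssl.cnf), `openssl x509 -req` stands in for `openssl ca` so no index and serial files are needed, and the CN values and temp directory are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. CN values and the temp dir are constructed.

# Exit 0 when the private key ($1) and the certificate ($2) carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Recreate steps 2-4 in directory $1 with unencrypted throwaway keys.
build_demo() {
    # Minimal config so the demo does not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/demo.cnf"
    # Step 2: self-signed root CA; its key goes to rui.key.
    openssl req -new -x509 -nodes -newkey rsa:2048 -config "$1/demo.cnf" \
        -subj "/CN=Demo Root CA" -keyout "$1/rui.key" \
        -out "$1/myroot.crt" -days 1 2>/dev/null &&
    # Step 3: no -key option, so req generates a second key pair.
    # -keyout privkey.pem mirrors the stock default_keyfile (assumption).
    openssl req -new -nodes -newkey rsa:2048 -config "$1/demo.cnf" \
        -subj "/CN=vc.example.test" -keyout "$1/privkey.pem" \
        -out "$1/rui.csr" 2>/dev/null &&
    # Step 4: sign the request with the CA (x509 -req stands in for "openssl ca").
    openssl x509 -req -in "$1/rui.csr" -CA "$1/myroot.crt" -CAkey "$1/rui.key" \
        -CAcreateserial -out "$1/rui.crt" -days 1 2>/dev/null
}

# Print which key pairs with which certificate.
report() {
    for key in rui.key privkey.pem; do
        for crt in myroot.crt rui.crt; do
            if key_matches_cert "$1/$key" "$1/$crt"; then
                echo "$key <-> $crt: match"
            else
                echo "$key <-> $crt: NO match"
            fi
        done
    done
}

d=$(mktemp -d) && build_demo "$d" && report "$d"
rm -rf "$d"
```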