[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:esx001, IP:192.168.10.128, DNS:esx001.cyrus-consultants.co.uk
[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = North Yorkshire
localityName = YORK
0.organizationName = Cyrus Computer Consultants Ltd
organizationalUnitName = EE Article Department
commonName = esx001.cyrus-consultants.co.uk
openssl req -new -nodes -out rui.csr -keyout rui-orig.key -config openssl.cfg
when it states writing new private key... the certificate request has been created and stored in the file rui.csr
openssl rsa -in rui-orig.key -out rui.key
after it states writing RSA key, the certification request has been completed.
-----BEGIN CERTIFICATE REQUEST-----
MIIDfTCCAmUCAQAwgbUxCzAJBgNVBAYTAkdCMSEwHwYDVQQIExhFYXN0IFJpZGlu
Br7JbQIDAQABoIGBMH8GCSqGSIb3DQEJDjFyMHAwCQYDVR0TBAIwADALBgNVHQ8E
BAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDcGA1UdEQQwMC6C
BmVzeDAwMYcEwKgKgIIeZXN4MDAxLmN5cnVzLWNvbnN1bHRhbnRzLmNvLnVrMA0G
RGVwYXJ0bWVudDEnMCUGA1UEAxMeZXN4MDAxLmN5cnVzLWNvbnN1bHRhbnRzLmNv
ZyBvZiBZb3Jrc2hpcmUxETAPBgNVBAcTCE1lbHRvbmJ5MScwJQYDVQQKEx5DeXJ1
cyBDb21wdXRlciBDb25zdWx0YW50cyBMdGQxHjAcBgNVBAsTFUVFIEFydGljbGUg
2N3ORv1IlinowpSNuTCj/+9hFN17ZZpxCL2Lwclki+9pHLjdQd6QMxbGa3n4kHyB
BdVLSMH82U2E1SkrUs9XXLJJ/tsx09mUCRT/mNr8Vbt1lWc0ioTkLvFENxXllbDc
LnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJ5FVe3nsQ4Vbua9
xT7DRGrPlDREpDqHPfZ2Ohr+PCQCkrUagPywy8vYrhpTSD5zQrZd9em/B1LR34IO
GbmInJ3rACUs0Jova/WuL2YK+Ocdm6st/UUIIgRlrYWxzMbhRbKfYXfzqURIr+9U
2XajfqLm3K88zKdOtQqMEcu9Cgm4PBfk5zccUo3U0BxdR0OBSpWyNhRHiynsTEOC
kvX7mRnvNhdWyp5rOC7V53t2MVz7p2/5P0We2dueFC6hQPwwgwHSIdoNHVwNXt7T
Jpp0CIK54CZL6n43IvGo8VePry/W4WP6FTZ2ZN+SZnJrics4WtUE1/WtYAaV+Yts
CSqGSIb3DQEBBQUAA4IBAQC2O7iNovLSxna3so4sXmvRErprNiBnpoYUf7Dx+H0W
Yzekwz2vUSn+UY4tAbTZ+tdYmjVhiMyG8uhtLd095rJK022WBtQw+xSmL9JaEnu9
14nMaFAouRo/MS3iwP9LrzdNNgH2sjKnh8S5Wxkj0b+xeFRqmArUm5t4hWLKHT10
q8xKfr8rqXmDVooeT8u3st9Q6nzzuNCPS8p9/KdjM3Pd
-----END CERTIFICATE REQUEST------
-----BEGIN CERTIFICATE-----
MIIGjTCCBXWgAwIBAgIDDXp4MA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
by51azExMC8GCSqGSIb3DQEJARYiaG9zdG1hc3RlckBjeXJ1cy1jb25zdWx0YW50
cy5jby51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiwpzHe3b5k
14gkoKyEBRCRqbVtB4/AcXKLP/3sqm0ItWtCidROiYRojj1FIRF4ec/wgK4djb5L
oed9KJ+bsgZOfRi+nLI5pfew0Fjyl9jEj02WLMl++vcu6gmD1AZCpNafFiWVHz+I
Ey56BZhgLtSr8n9/7Jes86lQW3ElVTPSFSAmh1LgyY+PSBxaiSe+volugdaX33fL
4grg8wZr3H66cK6jNi7Xznlk8Ph2nfVmF3/T3qzUyii9DELVObr9O1wz9u3oZg2U
D9J6NeSKnJLPztbCyxJjsynvY0psuHA6HXawOIJ8tEPwWg3McDdAvPRiqxR2lm1D
KY2QIJ5hjN0CAwEAAaOCAvwwggL4MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMBMG
A1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSkPU6eBa0eiMgLsEzHMWNh2bQg
hzAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTBCBgNVHREEOzA5gh5l
c3gwMDEuY3lydXMtY29uc3VsdGFudHMuY28udWuCF2N5cnVzLWNvbnN1bHRhbnRz
LmNvLnVrMIIBVgYDVR0gBIIBTTCCAUkwCAYGZ4EMAQIBMIIBOwYLKwYBBAGBtTcB
AgMwggEqMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xp
Y3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTADAgEBGoG+VGhpcyBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFj
Y29yZGluZyB0byB0aGUgQ2xhc3MgMSBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBv
ZiB0aGUgU3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUg
aW50ZW5kZWQgcHVycG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBh
LZaEK10rPEzeDPfPgefx2gjAdS6rZYspM7Sz5emZolX5osORynQ4ljhhROjbSGrf
A1NwRJig85qVbfBQhFWV2C502Pnj+ukg2GQKpHP3E4HZ0v40Eq9U50VHNopva926
9gBrnNssCGgfntFTQgh5KYY7YNeymCkGcgcBjps2cjvHz60N8idWgDX4PepNAECJ
SrwYOZouUfuscfsDC/mHCM/fl+eO4VphrLkwRdTHl8vbOi/AvvDR7vvfPAhssnb+
nA==
-----END CERTIFICATE-----
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (7)
Author
Commented:Commented:
Commented:
great article as usual Andrew. And I want to say : still valuable after 8 years!
I make this comment long after because I just had a situation with ESX 6.7 SSL certificate from custom CA, and it helped me, along with blogs and all VMware KBs related to the subject.
Thanks!
Author
Commented:Thanks for your kinds words
to be honest with you I had forgotten I had written an article about this, there are so many > 100 articles and videos.
I'm slowly re-publishing all the articles for 7.0, and also videos, so maybe I'll bring this one up to date and current!
This will be the next article for 7.0!
Andy
Commented:
Here are the 3 KBs I used yesterday on 6.7 :
https://kb.vmware.com/s/article/2113926
https://kb.vmware.com/s/article/2015387
https://kb.vmware.com/s/article/2112014
IMHO each KB was really incomplete without the others...
In my case I had a root MSCA with also an intermediate MSCA, and was already in hybrid mode with the vCSA part. So I add the ESX part and it worked fine.
View More