Bobby Batts asked:

Managing Certificates in VMware ESXi Host Environment

I am having problems trying to manage certificates across my infrastructure.  I am new to this role of certificate management and I have inherited an environment with invalid certificates that are disparate across the enterprise.  I need some input on how to manage certificates to avoid replacing invalid certificates and to avoid replacing certificates on a random basis.

Thank you in advance for your support.

Lipotech
gheist

There is a tool called vCenter Certificate Manager to automate your task, like signing them with a central authority, etc.
Bobby Batts (ASKER)

After discussing this solution with my colleagues, it was determined that vCenter Certificate Manager will replace its own self-signed certificate during the replacement process. My entity is a self-signed certificate authority, and we do not have a way, to the best of my knowledge, to force the VMCA to replace our self-signed certificates on the vSphere host. Are our assumptions correct? If so, is there a way to get around this limitation?

Thank you,

Lipotech
It can generate a long list of CSRs.
It can import a wildcard cert to all infrastructure.
It can act as an intermediate CA.

Can you detail what a Self-Signed CA is?
The Company is currently operating vCenter with self-signed certificates on ports 7444 and 636. With the architectural change in vSphere from 5.5 to 6.0, the vCenter server was designed to front-end the services' certificates with a built-in Certificate Authority (Self-Signed). Our standards are higher and we need to correct this problem once a resolution is found. Both Prod and DR vCenter and host servers are affected.

See below for references regarding certificates in vSphere 6.

Replacing default certificates with CA signed SSL certificates in vSphere 6.x (2111219)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2111219

Where vCenter 6.0 Uses Certificates
http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-3AF7757E-A30E-4EEC-8A41-28DA72102520.html

I am not sure if there is a resolution for this problem.  But, any feedback would be helpful.

Lipotech
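
An added example, not part of the thread and not VMware tooling: a shell sketch for inventorying which endpoints (such as the 7444 and 636 listeners mentioned above) present a certificate that chains to your own CA, a self-signed one, or one from another issuer such as a stand-alone VMCA, and whether it expires soon. It assumes the openssl CLI; the function names, host names and CA bundle path are hypothetical.

```shell
#!/bin/sh
# Assumptions: openssl CLI installed; CA_BUNDLE is a PEM file with your
# organisation's own CA chain; host names are placeholders.

# cert_field FILE subject|issuer -> that DN in RFC 2253 form
cert_field() {
  openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# classify_cert FILE CA_BUNDLE -> enterprise-ca | self-signed | other-issuer
# "other-issuer" is how a VMCA-issued machine certificate appears when VMCA
# is not subordinate to the enterprise CA. An expired certificate also fails
# verification, so read this result together with expires_within.
classify_cert() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo enterprise-ca
  elif [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]; then
    echo self-signed
  else
    echo other-issuer
  fi
}

# expires_within FILE DAYS -> exit status 0 if the cert expires within DAYS
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# fetch_cert HOST PORT -> PEM of the certificate the endpoint presents
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509
}

# inventory CA_BUNDLE DAYS < lines of "host port" -> one report line each
inventory() {
  tmp=$(mktemp) || return 1
  while read -r host port; do
    if fetch_cert "$host" "$port" >"$tmp" 2>/dev/null; then
      soon=no; expires_within "$tmp" "$2" && soon=yes
      echo "$host:$port $(classify_cert "$tmp" "$1") expiring=$soon issuer=$(cert_field "$tmp" issuer)"
    else
      echo "$host:$port unreachable-or-no-cert"
    fi
  done
  rm -f "$tmp"
}
# Usage: printf 'vcenter.example.test 7444\n' | inventory ca-bundle.pem 60
```

`openssl verify` may also consult the system default trust directory, so a publicly trusted certificate can be reported as enterprise-ca.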