Bobby Batts
Managing Certificates in VMWare ESXi Host Environment
I am having problems trying to manage certificates across my infrastructure. I am new to this role of certificate management and I have inherited an environment with invalid certificates that are disparate across the enterprise. I need some input on how to manage certificates to avoid replacing invalid certificates and to avoid replacing certificates on a random basis.
Thank you in advance for your support.
Lipotech
There is a tool called vCenter Certificate Manager to automate your task, like signing them with a central authority, etc.
ASKER
After discussing this solution with my colleagues, it was determined that vCenter Certificate Manager will replace its own self-signed certificate during the replacement process. My entity is a self-signed certificate authority and we do not have a way, to the best of my knowledge, to force the VMCA to replace our self-signed certificates on the vSphere host. Are our assumptions correct? If so, is there a way to get around this limitation?
Thank you,
Lipotech
It can generate a long list of CSRs.
It can import a wildcard cert to all infrastructure.
It can act as an intermediate CA.
Can you detail what a Self-Signed CA is?
ASKER
The Company is currently operating vCenter with self-signed certificates on ports 7444 and 636. With the architectural change in vSphere from 5.5 to 6.0, the vCenter server was designed to front end the services' certificates with a built-in Certificate Authority (Self-Signed). Our standards are higher and we need to correct this problem once a resolution is found. Both Prod and DR vCenter and host servers are affected.
See below for references regarding certificates in vSphere 6.
Replacing default certificates with CA signed SSL certificates in vSphere 6.x (2111219)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2111219
Where vCenter 6.0 Uses Certificates
http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-3AF7757E-A30E-4EEC-8A41-28DA72102520.html
I am not sure if there is a resolution for this problem. But, any feedback would be helpful.
Lipotech
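An added example, not part of the thread and not VMware tooling: a small inventory audit that flags self-issued and soon-to-expire certificates on the ports mentioned above, so replacements can be scheduled rather than done ad hoc. It assumes each endpoint's certificate was already dumped with `openssl x509 -noout -subject -issuer -enddate`; the host names, CA name and dates are constructed.

```python
from datetime import datetime, timezone

# Constructed sample: text as printed by
# `openssl x509 -noout -subject -issuer -enddate`, keyed by (host, port).
# Host names and the CA name are hypothetical.
SAMPLE = {
    ("vcenter-prod.example.local", 7444): (
        "subject=CN = vcenter-prod.example.local\n"
        "issuer=CN = vcenter-prod.example.local\n"
        "notAfter=Mar 10 12:00:00 2026 GMT\n"),
    ("vcenter-prod.example.local", 636): (
        "subject=CN = vcenter-prod.example.local\n"
        "issuer=CN = Example Corp Issuing CA\n"
        "notAfter=Dec  1 00:00:00 2025 GMT\n"),
    ("vcenter-dr.example.local", 7444): (
        "subject=CN = vcenter-dr.example.local\n"
        "issuer=CN = Example Corp Issuing CA\n"
        "notAfter=Jan  1 00:00:00 2028 GMT\n"),
}

def parse_cert_text(text):
    """Turn the three openssl output lines into subject, issuer and expiry."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    expiry = datetime.strptime(fields["notAfter"], "%b %d %H:%M:%S %Y GMT")
    return fields["subject"], fields["issuer"], expiry.replace(tzinfo=timezone.utc)

def audit(records, now, warn_days=90):
    """Return one row per endpoint, soonest expiry first."""
    rows = []
    for (host, port), text in records.items():
        subject, issuer, expiry = parse_cert_text(text)
        days_left = (expiry - now).days
        if days_left < 0:
            status = "expired"
        elif days_left <= warn_days:
            status = "renew soon"
        else:
            status = "ok"
        # Subject equal to issuer means the certificate signed itself.
        rows.append((host, port, subject == issuer, days_left, status))
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    for row in audit(SAMPLE, datetime.now(timezone.utc)):
        print(row)
```

Each row is `(host, port, self_issued, days_left, status)`; the 90-day warning window is an arbitrary default to adjust to local renewal lead times.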