Martin Andel

SSL certificate for vCenter appliance

Hi everyone,

I have a vCenter 6.5 Linux appliance that I need to install an SSL certificate into. The problem is that I have very little knowledge about the workings of this, so most articles I find on the internet aren't very helpful. Mainly because they expect to have a lot of pre-requisites in place that we do not seem to have.

The vCenter server is in an AD domain environment and uses an AD authentication (LDAP server identity source) for SSO. To my knowledge, some of our web servers are certified with a 3rd party issued wildcard certificate, that covers both the tld "mycompany.com" and the AD local subdomain "ad.mycompany.com". There is no internal CA installed on our Domain Controllers and I am unsure whether that is something that's required to be in place in order to certify the vCenter.

The wildcard certificate I have is in a format of a "pfx" file with a password authentication.

What is the easiest / quickest way to go about it?
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

You don't need to have an Internal CA, and as you have a wildcard certificate, you can use that.

Which bit are you struggling with?
Martin Andel

ASKER

So, my understanding is that the vCenter expects the certificate in a different format, other than "pfx". How do I convert it into whatever files the appliance needs?
Excuse my ignorance but could you please elaborate on that a bit? Thanks!
You have to use the OpenSSL package to manipulate the pfx file you have, and the private key from the CSR request made from the appliance.

Just a point, I've remembered VMware does not support the use of wildcard certificates.
Is that for certain? The guy in this article claims it's possible?
And if it wasn't possible, how much of an invasive surgery would it be to install the CA role on one of our domain controllers? I really don't want to break anything in the Active Directory, but thinking about it the vCenter does not have to be accessible from outside the company. I just want to clear out the certificate errors when accessing the vCenter web GUI via a browser from the domain PCs.
ASKER CERTIFIED SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
This solution is only available to members.
or install the certificate for that!

Do you mean the vCenter's own self-signed one?
That's correct!

Depends on your company's Security and Governance Policy, and "Man in the Middle Attacks" and if they think the VMware Self-Signed Certificate is a Risk to your Organisation!
As the vCenter is only meant to be accessible from within our AD, I guess it makes sense not to waste any more time or money on it. The self-signed certificate will have to do. Thanks!
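
The PFX conversion asked about earlier in the thread, as an added example (not part of any participant's post and not VMware's procedure): it splits a password-protected PFX into key, certificate and chain PEM files with OpenSSL, confirms the key matches the certificate, and flags a wildcard subject. The file names, the `PFX_PASS` variable and the self-signed sample certificate are assumptions constructed for the demonstration.

```sh
#!/bin/sh
# Added example: split a password-protected PFX into PEM files and check them.
# File names, PFX_PASS and the sample certificate are assumptions for this demo.
set -eu

# split_pfx <file.pfx> <outdir>: password comes from $PFX_PASS, never from argv.
# Runs in a subshell so the strict umask does not leak into the caller.
# (Older PFX files may need "-legacy" on OpenSSL 3.x.)
split_pfx() (
  umask 077                         # key.pem is unencrypted: owner-only access
  mkdir -p "$2"
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$2/key.pem"
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys -out "$2/cert.pem"
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -cacerts -nokeys -out "$2/chain.pem"
)

# key_matches_cert <key.pem> <cert.pem>: true when both carry the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout) && c=$(openssl x509 -in "$2" -noout -pubkey) \
    && [ "$k" = "$c" ]
}

# is_wildcard <cert.pem>: true when the subject CN or a SAN entry starts with "*.".
is_wildcard() {
  openssl x509 -in "$1" -noout -text | grep -Eq '(CN ?= ?|DNS:)\*\.'
}

# make_sample_pfx <dir>: constructed self-signed wildcard, test data only.
make_sample_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.ad.example.test' \
    -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
    -passout env:PFX_PASS -out "$1/sample.pfx"
}

export PFX_PASS='constructed-demo-password'
work=$(mktemp -d)
make_sample_pfx "$work"
split_pfx "$work/sample.pfx" "$work/pem"
if key_matches_cert "$work/pem/key.pem" "$work/pem/cert.pem"; then
  echo "private key matches certificate"
fi
if is_wildcard "$work/pem/cert.pem"; then
  echo "certificate is a wildcard"
fi
rm -rf "$work"
```

The extracted `key.pem` is unencrypted, so it should be deleted or moved to protected storage once it is no longer needed.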