Wednesday, September 9, 2009

HOWTO: Replace default VMware VirtualCenter SSL certificate with Enterprise CA certificate

Requirements:
  • Enterprise CA (or Public CA)
1. Download and install OpenSSL (http://www.openssl.org) onto a PC in your domain
2. Navigate to OpenSSL\bin folder
3. Run the command "openssl req -new -nodes -out mycsr.csr -config openssl.cfg"
4. Follow the prompts. When asked to enter "Common Name (eg, YOUR name)" enter the FQDN of the VirtualCenter server.
5. Once complete, there are 2 files created in OpenSSL\bin folder: mycsr.csr and privkey.pem
6. Browse to your Enterprise CA web interface, e.g. http://enterpriseCA.domain.com/certsrv
7. Select "Request a certificate"
8. Select "advanced certificate request"
9. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."
10. Open mycsr.csr (should be in your OpenSSL\bin folder) in Notepad, copy and paste the contents in the "Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):" text field
11. Change the Certificate Template to "Web Server"
12. Click Submit
13. Once the certificate has been successfully issued, select "Base 64 encoded" then "Download certificate"
14. Save certnew.cer to a convenient location.
15. Browse to the folder on your VirtualCenter server: "C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL"
16. Back up the existing files to another location, just in case
17. Copy certnew.cer file and privkey.pem to this folder (both files will be in your OpenSSL\bin folder)
18. Rename certnew.cer file to rui.crt
19. Rename privkey.pem to rui.key
20. Restart VirtualCenter
21. Browse to the FQDN of the VCI (http://vci.domain.com) and verify that the certificate is correct and working
22. All done.
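
Before copying and renaming the files in steps 17-19, it is worth confirming that the issued certificate actually belongs to privkey.pem and names the right host. The PowerShell script below is an added example, not part of the original post or of VMware's documentation. It assumes it is run from the OpenSSL\bin folder, that certnew.cer was saved there, and that $Fqdn (a placeholder) is set to the Common Name entered in step 4.

```powershell
# Added example: pre-install checks for the files from steps 5 and 13-14.
# Assumptions (not from the original post): run from the OpenSSL\bin folder,
# certnew.cer was saved there, and $Fqdn is a placeholder for your server name.
$Fqdn = 'vci.domain.com'   # placeholder: the Common Name entered in step 4
$Cert = '.\certnew.cer'
$Key  = '.\privkey.pem'

function Invoke-OpenSsl([string[]]$OpenSslArgs) {
    # Run openssl.exe from the current folder and fail loudly on a non-zero exit
    $out = & .\openssl.exe $OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    return $out
}

function Get-Modulus([string[]]$OpenSslArgs) {
    # openssl prints "Modulus=<hex>"; equal values mean the same RSA key pair
    $line = Invoke-OpenSsl $OpenSslArgs | Where-Object { $_ -like 'Modulus=*' }
    if (-not $line) { throw "no modulus in output of: openssl $($OpenSslArgs -join ' ')" }
    return $line
}

foreach ($f in $Cert, $Key) {
    if (-not (Test-Path $f)) { throw "Missing file: $f" }
}

# Step 13 asks for "Base 64 encoded"; a DER download would lack the PEM header
if ((Get-Content $Cert -TotalCount 1) -notmatch '^-----BEGIN CERTIFICATE-----') {
    throw "$Cert is not Base 64 (PEM) encoded; download it again as in step 13"
}

# The issued certificate and the private key must share one public key
$certMod = Get-Modulus 'x509', '-noout', '-modulus', '-in', $Cert
$keyMod  = Get-Modulus 'rsa',  '-noout', '-modulus', '-in', $Key
if ($certMod -ne $keyMod) { throw "$Cert does not match $Key" }

# Subject CN must be the FQDN (step 4); format differs between OpenSSL versions
$subject = Invoke-OpenSsl 'x509', '-noout', '-subject', '-in', $Cert
if ("$subject" -notmatch ('CN\s*=\s*' + [regex]::Escape($Fqdn) + '\s*([,/]|$)')) {
    throw "Subject CN is not $Fqdn : $subject"
}

# The "Web Server" template (step 11) should make the cert valid for SSL server use
$purpose = Invoke-OpenSsl 'x509', '-noout', '-purpose', '-in', $Cert
if (-not ($purpose -match '^SSL server : Yes')) {
    throw "$Cert is not valid as an SSL server certificate"
}

Write-Output "OK: $Cert and $Key match and are issued for $Fqdn"
```

Because the CSR was generated with -nodes, privkey.pem is stored unencrypted. Once rui.key is in place, remove the copy left in OpenSSL\bin and keep the SSL folder readable only by administrators and the VirtualCenter service account.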

----------------
Reference Documents:
http://www.vmware.com/pdf/vi_vcserver_certificates.pdf
