Source: https://virtham.us/posts/f/vcert
Below is an example procedure for replacing the VMCA certificate with a CA-signed certificate.
Replace VMCA certificate with a CA-signed certificate
1. Log in to the vCenter management console as root and run the vCert utility (download from Google Drive).
2. Select:
    --> 3. Manage certificates
    --> 12. VMCA certificate
    --> 3. Replace VMCA certificate with a CA-signed certificate
    --> 1. Generate Certificate Signing Request and Private Key

    Certificate Signing Request Information [VMCA]
    -----------------------------------------------------------------
    Enter the country code [US]: CZ
    Enter the Organization name []: Cloud4com
    Enter the Organizational Unit name [VMware Engineering]: C4T
    Enter the state [California]: Prague
    Enter the locality (city) name [Palo Alto]: Prague
    Enter the IP address (optional):
    Enter an email address (optional): support@cloud4com.com
    Enter any additional hostnames for SAN entries (comma separated value):
    Enter a value for the CommonName of the certificate [CA]: PRG03T1-VC01-CA
    Include host short name (prg03p1-vc01) as a Subject Alternative Name entry? [n]: n
    The following items will be added as Subject Alternative Name entries on the 'VMCA' Certificate Signing Request:
    prg03t1-vc01.c4t.loc
    If you want any additional items added as Subject Alternative Name entries, enter them as a comma-separated list (optional):
    Certificate Signing Request generated at /root/vCert-master/20240910/requests/vmca-20240910113729.csr
    Private Key generated at /root/vCert-master/20240910/requests/vmca-20240910113729.key

3. Open https://c4t-ca01.c4t.loc/certsrv and issue a new certificate using the generated Certificate Signing Request and the C4T Subordinate CA template.
4. Download the certificate in Base64 encoding.
5. Copy the content of the issued certificate to the vCenter console (vi /root/vCert-master/20240910/requests/vmca-20240910113729.pem).
6. Copy the content of the TEST ROOT CA certificate to the vCenter console (vi /root/TEST_ROOT_CA.pem).
7. Run the vCert utility again and select:
    --> 3. Manage certificates
    --> 12. VMCA certificate
    --> 3. Replace VMCA certificate with a CA-signed certificate
    --> 3. Import CA-signed Certificate and Key
8. Enter the paths to the certificate and the CA certificate:

    Provide path to the CA-signed VMCA certificate: /root/vCert-master/20240910/requests/vmca-20240910113729.pem
    Provide path to the Certificate Authority chain: /root/TEST_ROOT_CA.pem

    Certificate Verification
    -----------------------------------------------------------------
    Verifying certificate and key:            OK
    Verifying CA certificate:                 OK
    Backing up certificate and private key    OK
    Reconfigure VMCA                          OK
    Publish CA certificates to VMDir          OK

9. Enter Certificate Signing Request information for vCenter certificates (Machine certificate, Solution user certificates, STS Signing certificate):

    Certificate Signing Request Information
    -----------------------------------------------------------------
    Enter the country code [US]: CZ
    Enter the Organization name [VMware]: Cloud4com
    Enter the Organizational Unit name [VMware Engineering]: C4T
    Enter the state [California]: Prague
    Enter the locality (city) name [Palo Alto]: Prague
    Enter the IP address (optional):
    Enter an email address (optional): support@cloud4com.com

10. The replacement of all certificates should now start and proceed automatically.
11. Restart VMware services:

    Restart VMware services [no]: yes
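
The checks that vCert reports in step 8 (certificate matches key, CA certificate verifies) can be run by hand before the import, together with a check that the template really issued a CA certificate. The following is an added example, not part of the original post or of vCert; it assumes `openssl` is on the PATH, and the function names and the demo PKI are constructed for illustration.

```bash
# check_vmca_cert CERT KEY CHAIN: prints OK and returns 0 if CERT is fit to import
check_vmca_cert() {
    local cert="$1" key="$2" chain="$3" pub
    # 1. The issued certificate must carry the public key of the generated private key.
    pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null) || pub=""
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ] \
        || { echo "FAIL: certificate does not match private key"; return 1; }
    # 2. VMCA signs other certificates, so the template must have issued a CA certificate.
    openssl x509 -noout -text -in "$cert" | grep -q 'CA:TRUE' \
        || { echo "FAIL: basicConstraints is not CA:TRUE"; return 1; }
    # 3. The certificate must chain to the CA file that will be given to vCert.
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: certificate does not verify against chain"; return 1; }
    echo "OK"
}

# make_demo_pki DIR: constructed throwaway PKI (root CA, subordinate CA cert, non-CA cert)
make_demo_pki() {
    local d="$1" n
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/vmca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    openssl req -config "$d/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=DEMO ROOT CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in vmca leaf; do
        openssl req -config "$d/req.cnf" -new -newkey rsa:2048 -nodes \
            -subj "/CN=DEMO-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
            -CAcreateserial -days 1 -extfile "$d/$n.ext" -out "$d/$n.pem" 2>/dev/null
    done
}

# Demo on the constructed PKI: a proper subordinate CA cert, then a non-CA cert
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir"
check_vmca_cert "$demo_dir/vmca.pem" "$demo_dir/vmca.key" "$demo_dir/root.pem"          # prints OK
check_vmca_cert "$demo_dir/leaf.pem" "$demo_dir/leaf.key" "$demo_dir/root.pem" || true  # prints FAIL: basicConstraints is not CA:TRUE
rm -rf "$demo_dir"
```

On the appliance, `check_vmca_cert` would be called with the `.pem` and `.key` paths from steps 2 and 5 and the CA file from step 6.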