Friday, November 30, 2012

Replacing vCenter server default (self signed) certificate


Note: I personally recommend creating and importing the certificates before installing View 5.1. You can save yourself plenty of heartache trying to get everything to work after you've installed View and nothing works. If you create and import the certificates first, then during the install you can choose the signed certificate instead of creating a default self-signed one.

What you will need:

1 - A CA server. In my case I installed the following roles on a Windows 2008 R2 AD controller:
  • Certification Authority
  • Certification Authority Web Enrollment


2 - OpenSSL to create the certificates. You can download Win32 OpenSSL 1.0.1c or Win64 OpenSSL.

Once everything is ready:
3 - Generate the private key and the .csr file. First set the environment variable in a command prompt window with the following command:
SET OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

4 - Then create the certificate request file:

openssl.exe req -newkey rsa:2048 -keyout <hostname>.key -nodes -days 3650 -out <hostname>.csr

Note: I didn't set anything for « Challenge password » or for « An optional company name ». Be careful to enter the FQDN of the View Connection Server as the « Common Name ».

5 - Open the file <hostname>.csr in a text editor and copy its contents, then connect to the certificate server using IE or Firefox (or whatever browser you want):


6 - Select « Advanced certificate request »



7 - Select « Submit a certificate request ….. »


8 - Paste the content of the .csr file and select « Web Server » as the template.



9 - Retrieve the signed certificate (select Base 64 encoded) and name it <hostname>.crt:


10 - Copy the file to C:\OpenSSL-Win32\bin\ and execute the following command:

openssl.exe pkcs12 -export -in <hostname>.crt -inkey <hostname>.key -name vdm -passout pass:testpassword -out <hostname>.pfx

11 - Now copy the generated <hostname>.pfx file onto the View Connection Server, into any folder on the desktop, but remember where the file is located. Then start mmc:


12 - Add Snap-In « Certification »



13 - Choose « Computer account » then « Local Computer »



14 - Import the <hostname>.pfx certificate:




15 - Type the password (testpassword)


Then rename the « Friendly Name » of the previous certificate to whatever you want (vdmold in my case).


Now restart the « VMwareVDMDS » service (restarting this service will restart all View services).
Now do the same thing for every View Connection Server, View Security Server and Composer (for Composer there is no « Friendly Name »).
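
The import and rename steps above can be verified from PowerShell before restarting the service. This is an added example, not part of the original post: it checks that exactly one certificate in the Local Computer personal store has the friendly name vdm, and that it has its private key, the expected Common Name and a chain up to the CA. The host name in $ExpectedFqdn is a placeholder.

```powershell
# Added example (not from the original post): check the imported certificate.
# Run in an elevated PowerShell prompt on the View server after step 15.
$ExpectedFqdn = 'view01.example.local'   # placeholder: the Common Name from the CSR

$vdm = @(Get-ChildItem Cert:\LocalMachine\My |
         Where-Object { $_.FriendlyName -eq 'vdm' })
$problems = @()

# The old default certificate must have been renamed (vdmold in the post),
# otherwise two certificates carry the same friendly name.
if ($vdm.Count -ne 1) {
    $problems += "Expected exactly one certificate named 'vdm', found $($vdm.Count)."
}

foreach ($cert in $vdm) {
    $id = $cert.Thumbprint
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn -ne $ExpectedFqdn) {
        $problems += "${id}: Common Name '$cn' is not '$ExpectedFqdn'."
    }
    # The .pfx must have brought the private key with it.
    if (-not $cert.HasPrivateKey) {
        $problems += "${id}: no private key in the store."
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "${id}: outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    if ($cert.Subject -eq $cert.Issuer) {
        $problems += "${id}: still self-signed."
    }
    # Build the chain up to the CA; revocation lookups are skipped here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems += "${id}: chain does not validate ($status)."
    }
}

if ($problems.Count -eq 0) {
    Write-Output "OK: one valid CA-signed 'vdm' certificate for $ExpectedFqdn."
} else {
    $problems | ForEach-Object { Write-Output "PROBLEM: $_" }
}
```

Once the check passes, the server no longer needs the copies of <hostname>.key and <hostname>.pfx left in C:\OpenSSL-Win32\bin\ and on the desktop; the .key file is unencrypted because of -nodes.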