Piszki Lab | EN

My case study in the clouds…

VMware Lab, Part 2: SSL Certificates in vCenter (with an emphasis on vCSA)


Now that we have nested ESXi servers in our lab, it's time to install vCenter. Installing the "big" vCenter is not difficult, but in a lab it is easier and faster to use the vCenter Server Appliance (vCSA). It is hard to even call it an installation: you just deploy the appliance. It is so simple that it will not be the subject of this entry (the same goes for the initial setup). There is one topic that causes huge problems in vSphere: SSL certificates. The whole environment is based on SSL, and there is absolutely no sense in using vSphere with the default self-signed certificates. Fortunately, as I have written before, there are people on the Internet who make life easier. One of them is Derek Seaman, who created a script that extends the functionality offered by the VMware SSL Automation Tool. With this script, generating and installing SSL certificates in vCenter takes just a few minutes (especially if you have enabled OCSP in Microsoft CA). However, as you can guess, this PowerShell script fully automates the installation of certificates only in vCenter installed on Windows Server. The same applies to the VMware SSL Automation Tool: as of now, there is no version supporting vCSA. Is there a solution?


:-)

A few years ago (at a time when virtualization reminded me of "zones" in Solaris 10) I wrote a script in bash that is a fully functional CA based on OpenSSL. Today I pulled it out of the junk pile and extended it with full support for VMware. With its help, you can set up a Root or Intermediate CA and generate a key and certificate signing request for servers or users. You can also automatically generate and install SSL certificates in vCSA (to use this function, you need to upload the script to vCSA). You can also generate a key/certificate for any VMware service (the certificate will contain all the required extensions). All it needs to run is any Linux, bash and openssl (automatic SSL installation on ESXi requires vCenter CLI on Linux).

Everything you need to pre-configure is described in the readme.txt file, and the script can be found HERE.
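The root CA, key/CSR and signing steps described above, as an added example that is not the author's script: it shows that `openssl x509 -req` does not copy extensions from the CSR by default, so subjectAltName has to be supplied again when signing. Host names, subject fields, validity periods and the directory layout are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the author's script. Names and layout are constructed.
set -eu
# Write an OpenSSL config to $1 for subject CN=$2 with SAN list $3.
write_cnf() {
  cat > "$1" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
O = Example Lab
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $3
EOF
}
# Create a self-signed root CA (key + certificate) in directory $1.
make_root_ca() {
  mkdir -p "$1/req" "$1/certs"
  write_cnf "$1/ca.cnf" "Example Lab Root CA" "DNS:unused"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -extensions v3_ca \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
# Key + CSR for host $2 with SAN list $3, signed by the root CA in $1.
issue_server_cert() {
  write_cnf "$1/req/$2.cnf" "$2" "$3"
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$1/req/$2.cnf" -reqexts v3_server \
    -keyout "$1/certs/$2.key" -out "$1/req/$2.csr" 2>/dev/null
  # x509 -req does not copy CSR extensions by default: pass them via -extfile.
  openssl x509 -req -sha256 -days 825 -in "$1/req/$2.csr" \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/req/$2.cnf" -extensions v3_server \
    -out "$1/certs/$2.crt" 2>/dev/null
}
# True only if cert $2 chains to the root in $1 and lists DNS name $3 as a SAN.
check_cert() {
  openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1 || return 1
  openssl x509 -in "$2" -noout -text | tr ', ' '\n\n' | grep -qxF "DNS:$3"
}

d=$(mktemp -d); make_root_ca "$d"
issue_server_cert "$d" vcsa.lab.example "DNS:vcsa.lab.example,DNS:vcsa"
check_cert "$d" "$d/certs/vcsa.lab.example.crt" vcsa && echo "chain and SAN OK"
```

The CSR left in `req/` can be inspected with `openssl req -in <file> -noout -text` to confirm it requests the SAN before it is sent to any CA.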

Was this information helpful? Tell me, please leave a comment!


Author: Piotr Pisz

Into computers always, since I got a Commodore 64 at the end of primary school, through the beloved Amiga and an infinite number of Linux consoles, until today's fully virtual day. Since 2001 a Unix/Linux Systems Administrator, for seven years a faithful companion and protector of the Solaris system, until its sad end. In 2011 dove into the depths of virtualization, then smoothly ascended into the clouds and remains there today. Works professionally as a Systems Architect at the Polish Security Printing Works.

3 Comments

  1. Hello Piotr

    Is it possible to generate certificates with ssl-providers like godaddy.com with your script?

    Thank you,
    Simon

    • I think so. In the ca/req directory you have CSR files that you can use with godaddy.com or elsewhere. Another question is whether godaddy.com accepts the appropriate extension (subjectAltName). You need to check this yourself :-)

      Regards,
      Piotr
