Replacing vC Ops default certificate (or any other product for that matter…) is highly recommended.
With only four simple steps – your vC Ops can also be configured with CA-signed certificates.
Step 1 – Create certificate request
For this example – i used my Windows Server 2008 vCenter server in order to request a certificate from the internal CA.
Navigate to: Start -> Run ->MMC
Go to: File -> Add/Remove Snap-in and select Certificates -> Add -> Computer Account”
Next, navigate to Personal -> Certificates -> ‘Right Click’ -> All Tasks -> Request New Certificate
In this scenario, i’m using the same template that I use for Horizon View environment.
In the certificate properties – there are two small things that we need to do – first, under “Subject Name” we will change it to “Common Name” and enter the vC Ops UI FQDN address.
Second – under “Alternative Name”, we will change it to “DNS” and enter bot FQDN and non-FQDN (NetBIOS) of the vC Ops UI.
After hitting Apply, we’ll then choose the template again and click Enroll
Step 2 – Exporting the certificate
Now, we’ll select our newly created certificate and will export it by:
<Right Click on the certificate> ->all Tasks -> Export
Make sure that exporting the private key option is selected
and also the “Personal Information Exchange – PKCS#12 (.PFX).
Enter a password for the private key – don’t forget it since we’ll use it when converting the .PFX file to .PEM (Step 3)
Name the exported certificate and select destination
With that – we can continue now to step 3.
Step 3 – Convert the .PFX to .PEM
The thing with vC Ops certificate, is that we can only use .PEM format.
We’ll convert the .PFX file to .PEM file using the OpenSSL utility
luckily, i already got it installed on my vCenter – so it’s quit convenient that the all process is done from my vCenter.
Navigate to C:<OpenSSL_Folder>bin and run the follwing command:
openssl.exe pkcs12 -in C:”.PFX_File_From_Step2″ -out C:”Name_the_file.pem” -nodes
After hitting the Enter button – you’ll be asked to enter the password which you entered in the previous step
it should look like something like this:
and now – for the final step!
Step 4 – Importing .PEM certificate into vCenter Oprations Manager
Using your browser , launch the vC Ops admin portal (“http://vCops_Name/admin”)
After login – navigate to “SSL” tab
Using the “Browse” button – select the .PEM file which you’ve created in Step 3.
Once selected – click install
and we are D-O-N-E!
As you can see in the attached screenshot – you can verify the installation proces whithin the SSL Certificate Information
Now – when login to the vC Ops, we’re no longer receving the SSL certificate warning and it’s all secured!
That’s all for now!
As you can see – with just four quick steps, we’ve got our vC Ops working with CA-signed certificate instead of the self-signed one.
Have a great week!