Now for the fun part – certificates have always been a pain to get right the first time during a vCenter installation. I have used the great guide & scripts created by Derek Seaman in the past, but I wanted something a little bit more automatic that can be used by other admins with little/no experience in performing this task if necessary.
I came up with the following PowerShell script. It creates the CSRs from custom OpenSSL configuration files, which include a user-defined common name and the subject alternative names. It also submits each CSR to your internal Microsoft CA to mint the certificates, then creates the PFX files needed for a manual certificate installation (if you are using the certificate automation tool from VMware these files are not needed, but more on that later).
To use this script you’ll need the following:
- The base certificate directory to be created. I’d advise something like C:\certificates\vcenter or C:\vccerts to keep the files nice and organized.
- OpenSSL 0.9.8 installed
- Have read and enroll permissions on the Microsoft CA template you wish to use
- PowerShell ExecutionPolicy set to Unrestricted to allow this script to run.
Date: July 15, 2015
Once you are ready to generate your certificates, it’s a relatively simple process:
- Open a PowerShell command prompt with elevated rights, while logged in as the user with rights to the CA template you wish to use.
- Run the script, answering the prompts as they appear.
- Be sure to enter the right common names/subject alt names for the vCenter component being processed.
- Be sure to follow the on-screen directions when creating the root & subordinate CA certs required by the script.
If you have any issues with the script please let me know and I’d be happy to try and help you out.
Once the script has completed you are done and the certificates are ready for installation… I’ll cover this in a future part of this series – stay tuned!
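The flow described above (OpenSSL config with a common name and SANs, CSR, submission to the Microsoft CA, PFX) for a single component, as an added PowerShell example that is not the author's script. The CA name, template name, host names, paths and `rui.*` file names are assumptions or placeholders, and `chain.pem` is assumed to already hold the root and subordinate CA certificates in PEM form.

```powershell
# Added example, not the author's script. All names, paths and the template are assumptions.
param(
    [string]$Dir        = 'C:\certificates\vcenter\vCenterSSL',      # assumed output folder
    [string]$CommonName = 'vcenter01.example.local',                  # constructed sample FQDN
    [string[]]$DnsSans  = @('vcenter01.example.local', 'vcenter01'),  # constructed sample SANs
    [string]$CaConfig   = 'ca01.example.local\Example-Issuing-CA',    # placeholder "host\CA name"
    [string]$Template   = 'ExampleWebServerTemplate',                 # placeholder template name
    [string]$ChainPem   = 'C:\certificates\vcenter\chain.pem',        # assumed root + subordinate CA certs
    [string]$OpenSsl    = 'C:\OpenSSL-Win32\bin\openssl.exe'          # assumed install path
)
$ErrorActionPreference = 'Stop'
function Invoke-Native([string]$Exe, [string[]]$Arguments) {
    & $Exe @Arguments          # native tools do not throw, so check the exit code
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}
New-Item -ItemType Directory -Path $Dir -Force | Out-Null
$cfg, $key, $csr, $crt, $pfx = 'cfg','key','csr','crt','pfx' | ForEach-Object { Join-Path $Dir "rui.$_" }
# 1. OpenSSL request config carrying the common name and the subject alternative names.
$sanLine = ($DnsSans | ForEach-Object { "DNS:$_" }) -join ', '
@"
[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
distinguished_name = req_dn
req_extensions     = v3_req
[ req_dn ]
commonName         = $CommonName
[ v3_req ]
basicConstraints   = CA:FALSE
keyUsage           = digitalSignature, keyEncipherment
extendedKeyUsage   = serverAuth, clientAuth
subjectAltName     = $sanLine
"@ | Set-Content -Path $cfg -Encoding ASCII   # ASCII: OpenSSL rejects a UTF-8 BOM

# 2. New key and CSR, then 3. submit the CSR to the Microsoft CA with the chosen template.
Invoke-Native $OpenSsl @('req','-new','-nodes','-config',$cfg,'-keyout',$key,'-out',$csr)
Invoke-Native 'certreq.exe' @('-submit','-config',$CaConfig,'-attrib',"CertificateTemplate:$Template",$csr,$crt)

# 4. Confirm the issued certificate really carries every requested SAN before packaging it.
$issued = (& $OpenSsl x509 -in $crt -noout -text) -join "`n"
foreach ($n in $DnsSans) {
    if ($issued -notmatch ('DNS:' + [regex]::Escape($n) + '(,|\s|$)')) { throw "SAN $n missing from $crt" }
}
# 5. Bundle key, certificate and CA chain into a PFX; the password travels via env, not argv.
$env:PFX_PASS = (New-Object System.Net.NetworkCredential('', (Read-Host 'PFX password' -AsSecureString))).Password
try     { Invoke-Native $OpenSsl @('pkcs12','-export','-in',$crt,'-inkey',$key,'-certfile',$ChainPem,'-passout','env:PFX_PASS','-out',$pfx) }
finally { Remove-Item Env:\PFX_PASS }
```

The `rui.key` file is written unencrypted because of `-nodes`, so the output folder should be readable only by the admin performing the installation.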