- vCloud Automation Center – vCAC 6.0 – Overview and distributed architecture
- vCloud Automation Center – vCAC 6.0 – Generate Certificates
- My vCAC Journey: Deploy & Configure PostgreSQL
- My vCAC Journey: Deploy & Configure Identity Appliance
- My vCAC Journey: Deploy & Configure 1st vCloud Automation Center Appliance
- My vCAC Journey: Deploy & Configure 2nd vCloud Automation Center Appliance
Based on an earlier script I created to create all necessary files to replace the certificates for vCenter I thought I’d apply the same process to vCAC 6. I have to say thank you to Grant Orchard who helped me understand the vCAC 6 certificate creation requirements here.
I came up with the following PowerShell script; it will generate the OpenSSL configuration files using user defined common name and the subject alternate names. It will submit the CSR to your internal Microsoft CA to mint the certificates, it will create the pfx files then generate the necessary pem certificate chain required by vCAC6.
To use this script you’ll need the following;
- The base certificate directory to be created. I’d advise something like C:certificatesvCAC6 to keep the files nice and organized.
- OpenSSL 0.9.8 installed
- Have read and enroll permissions on the Microsoft CA template you wish to use
- PowerShell ExecutionPolicy set to Unrestricted to allow this script to run.
|Date:||July 15, 2015|
For the Identity Appliance certificate enter the FQDN of the vApp when prompted for the common name. When prompted for the subject alt names enter at least the IP address of the system.
Copy and paste the content of the file called rui.key into the “RSA Private Key” textbox, and the content of rui.pem into the “Certificate Chain” text box.
You need to ensure that each common name is also entered as a subject alt name – I could not validate my certificates without performing this step. This was also confirmed though a call with VMware support.
Trackback from your site.