Configuring OpenSSL for installation and configuration of CA signed certificates in the vSphere environment (2015387)
- Ensure that the Microsoft Visual C++ 2008 Redistributable Package (x86) is installed on the system on which you want to generate the requests. To download the package, see the Microsoft Download Center.
- Download the Shining Light Productions installer for OpenSSL x86 (version 0.98r or later) at http://www.slproweb.com/products/Win32OpenSSL.html. This is a software developed from the OpenSSL Project.Download Win64 OpenSSL v1.0.1e Light for 64-bit Windows
- Launch the installer and proceed through the installation and note the appropriate directory for later use. By default, it is located at c:\OpenSSL-Win32.
After this program is installed, you must configure it to issue vSphere certificates.
Note: The preceding links were correct as of March 16, 2012. If you find a link is broken, provide feedback and a VMware employee will update the link.
- Take a backup of the openssl.cfg file. By default, this file is located at the c:\OpenSSL-Win32\bin directory.
- Replace the contents of the file with:
Note: Replace the code in Red with the details of the server that you are configuring.
[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vc50, DNS:10.0.0.10, DNS:vc50.vmware.com
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = NY
localityName = New York
0.organizationName = VMWare
organizationalUnitName = vCenterInventoryService
commonName = vc50.vmware.com
- Save and close the file.
The installation is now set to configure a certificate for the server that you have entered in the file. You can repeat this configuration by creating separate files for each server request or by not specifying a value. If you do not specify a value, OpenSSL prompts you for the information.
Note: The preceding modified file will not prompt you for information because all information is configured within the file.
- Implementing CA signed SSL certificates with vSphere 5.0
- Implementing CA signed SSL certificates with vSphere 5.1