Search the VMware Knowledge Base (KB)
View by Article ID

Implementing CA signed SSL certificates with vSphere 5.0 (2015383)

  • 19 Ratings

Purpose

This article provides information on configuring Certificate Authority (CA) signed SSL certificates in a vSphere 5.0 environment. It helps you eliminate common causes for problems during certificate implementation, including configuration steps and details, and avoid common misconfigurations in the implementation of custom certificates in your environment.
 
Note: This article is specifically for vSphere 5.0. If you are using vSphere 5.1, see Implementing CA signed SSL certificates with vSphere 5.1 (2034833).

Resolution

Configuring CA signed certificates is a challenge with vSphere as with any complex enterprise environment. Securing an environment is a requirement in many large organizations. You need public certificates (such as Verisign, enterprise certificates, Microsoft CA, or OpenSSL CA) to ensure a secure communication. This article provides steps to allow configuration of these certificates on vSphere components in an environment.
 
Please validate each step below. Each step provides instructions or a link to a document that provides information on configuring the certificates in your environment.
 
Note: You do not need to follow all the steps. However, it is recommended that certificates are replaced for all components in a vSphere environment.

  1. To generate the certificate request, you must install and configure OpenSSL. For more information, see Configuring OpenSSL for installation and configuration of CA signed certificates in the vSphere environment (2015387).

  2. Configuring vCenter Server 5.0 certificates should be the first step in a deployment. In a new installation, it also reduces the amount of overhead required for implementation because hosts need not be reconnected to vCenter Server. In an existing configuration, ESXi hosts must be reconnected after configuring the certificate because the password used to connect to vCenter Server is encrypted with the certificate. At this point, vCenter Server should be installed and configured appropriately and all functions (such as, Web services including Hardware Status) should be functional. If they are not working before the configuration of the certificates, they will not work later. For more information, see Configuring CA signed certificates for VMware vCenter Server 5.0 (2015421).

  3. Configuring ESXi 5.0 Host certificates is different than previous releases due to the fact that ESXi has been secured and has no service console. For more information, see Configuring CA signed certificates for ESXi 5.x hosts (2015499).

If your issue persists even after trying these steps:

  • Collect the custom certificate configuration information, including the OpenSSL configuration file (normally openssl.cfg), rui.key, rui.crt, and rui.csr.
  • Gather the VMware Support Script Data. For more information, see Collecting diagnostic information for VMware products (1008524) .
  • File a support request with VMware Support, include the gathered information, and note this Knowledge Base article ID (2015383) in the problem description. For more information, see How to Submit a Support Request .

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 19 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 19 Ratings
Actions
KB: