Search the VMware Knowledge Base (KB)
View by Article ID

Obtaining vSphere certificates from a Microsoft Certificate Authority (2112014)

  • 25 Ratings
Language Editions

Purpose

The purpose of this article is the explain how to provide a certificate signing request to a Microsoft Certificate Authority (CA) and generate a certificate.

Resolution

To obtain vSphere certificates from a Microsoft Certificate Authority:

Note
: The VMCA requires that the certificate have a valid date of at least 24 hours prior.
  1. Log in to the Microsoft CA certificate authority Web interface. By default, it is http://CA_server_FQDN/CertSrv/.
  2. Click the Request a certificate (.csr ) link.
  3. Click advanced certificate request.
  4. Click the Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file link.
  5. Open the certificate request (typically rui.csr) in a plain text editor and copy from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST----- into the Saved Request box.

    Example:

    -----BEGIN CERTIFICATE-----
    MIIFxTCCBK2gAwIBAgIKYaLJSgAAAAAAITANBgkqhkiG9w0BAQUFADBGMRMwEQYK
    CZImiZPyLGQBGRYDbmV0MRYwFAYKCZImiZPyLGQBGRYGbW5uZXh0MRcwFQYDVQQD
    Ew5tbm5leHQtQUQtMS1DQTAeFw0xMzAyMDExNjAxMDNaFw0xNTAyMDExNjExMDNa
    SMhYhbv3wr7XraAnsIaBYCeg+J7fKTFgjA8bTwC+dVTaOSXQuhnZfrOVxlfJ/Ydm
    NS7WBBBFd9V4FPyRDPER/QMVl+xyoaMGw0QKnslmq/JvID4FPd0/QD62RAsTntXI
    ATa+CS6MjloKFgRaGnKAAFPsrEeGjb2JgMOpIfbdx4KT3WkspsK3KPwFPoYza4ih
    4eT2HwhcUs4wo7X/XQd+CZjttoLsSyCk5tCmOGU6xLaE1s08R6sz9mM=
    -----END CERTIFICATE-----


  6. Select the appropriate Certificate Template. For more information, see:

    Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 5.x (2062108)
    Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009)

  7. Click Submit to submit the request.
  8. Click Base 64 encoded on the Certificate issued screen.
  9. Click the Download Certificate link.
  10. Save the certificate as rui.crt in the appropriate c:\certs\service directory.
  11. Repeat Steps 2 to 10 for each additional services/certificates.
  12. Navigate back to the home page of the certificate server and click Download a CA certificate, certificate chain or CRL.
  13. Select the Base 64 option.
  14. Click the Download CA Certificate chain link.
  15. Save the certificate chain as cachain.p7b in the c:\certs folder.
  16. Double-click the cachain.p7b file to open it in the Certificate Manager.
  17. Navigate to C:\certs\cachain.p7b > Certificates.
  18. Right-click the certificate listed and click All Actions > Export.
  19. Click Next.
  20. Select Base-64 encoded X.509 (.CER), and then click Next.

    Note: Step 21 assumes there are no intermediate certificates in the Certificate Authority. If there are two or more levels of Certificate Authorities, before exporting the certificate into Base-64 encoded X.509 (.CER), if you have multiple certificates on the.p7b file, you cannot export them to Base64 at the same time; you must export each intermediate certificate to a separate file. For example, create files named C:\certs\interm64-1.cerC:\certs\interm64-2.cerC:\certs\Root64.cer. After completion, concatenate the certificates into a single file named cachain.cer

    -----BEGIN CERTIFICATE-----
    MIIFxTCCBK2gAwIBAgIKYaLJSgAAAAAAITANBgkqhkiG9w0BAQUFADBGMRMwEQYK
    CZImiZPyLGQBGRYDbmV0MRYwFAYKCZImiZPyLGQBGRYGbW5uZXh0MRcwFQYDVQQD
    Ew5tbm5leHQtQUQtMS1DQTAeFw0xMzAyMDExNjAxMDNaFw0xNTAyMDExNjExMDNa <-----Intermediate 1 Certificate
    SMhYhbv3wr7XraAnsIaBYCeg+J7fKTFgjA8bTwC+dVTaOSXQuhnZfrOVxlfJ/Ydm
    NS7WBBBFd9V4FPyRDPER/QMVl+xyoaMGw0QKnslmq/JvID4FPd0/QD62RAsTntXI
    ATa+CS6MjloKFgRaGnKAAFPsrEeGjb2JgMOpIfbdx4KT3WkspsK3KPwFPoYza4ih
    4eT2HwhcUs4wo7X/XQd+CZjttoLsSyCk5tCmOGU6xLaE1s08R6sz9mM=
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIDZzCCAk+gAwIBAgIQNO7aLfykR4pE94tcRe0vyDANBgkqhkiG9w0BAQUFADBG
    K73RIKZaDkBOuUlRSIfgfovUFJrdwGtMWo3m4dpN7csQAjK/uixfJDVRG0nXk9pq
    GXaS5/YCv5B4q4T+j5pa2f+a61ygjN1YQRoZf2CHLe7Zq89Xv90nhPM4foWdNNkr <-----Intermediate 2 Certificate
    /Esf1E6fnrItsXpIchQOmvQViis12YyUvwko2aidjVm9sML0ANiLJZSoQ9Zs/WGC
    TLqwbQm6tNyFB8c=
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIDZzCCAk+gAwIBAgIQNO7aLfykR4pE94tcRe0vyDANBgkqhkiG9w0BAQUFADBG
    K73RIKZaDkBOuUlRSIfgfovUFJrdwGtMWo3m4dpN7csQAjK/uixfJDVRG0nXk9pq
    GXaS5/YCv5B4q4T+j5pa2f+a61ygjN1YQRoZf2CHLe7Zq89Xv90nhPM4foWdNNkr <-----Root Certificate
    /Esf1E6fnrItsXpIchQOmvQViis12YyUvwko2aidjVm9sML0ANiLJZSoQ9Zs/WGC
    TLqwbQm6tNyFB8c=
    -----END CERTIFICATE-----

    Note
    : There must be no text before the -----BEGIN CERTIFICATE----- or after the -----END CERTIFICATE----- in the .crt or .cer files.

  21. Save the export to C:\certs\Root64.cer and click Next.
  22. Click Finish.

See Also

Language Editions

ja,2115929;zh_cn,2148508

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 25 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 25 Ratings
Actions
KB: