An overview of Certificates and SSL in VMware vSphere Environments

In this post I try to answer a few questions about certificates that come up in our day-to-day jobs.

Certificates play a major role in securing sessions, whether they are CA-signed or self-signed. In some troubleshooting scenarios we have to regenerate certificates to fix a problem, and in others we have to renew the CA certificates when they expire. So here I explain the basics of certificates and answer a few questions.

So here are the questions:

  • What is a certificate?
  • What are the different types of certificates?
  • Why do we need to use certificates in VMware environments?
  • VMware SSL certificates
  • How do SSL certificates work?

What is a Certificate?

A certificate is a digital (electronic) credential used to verify and certify the identity of an individual, a computer or another entity on the network. It is an electronic document containing identity information about that individual or computer.

Digital certificates function much like identification documents such as passports and ID cards, which are issued by recognized government authorities; digital certificates are issued by recognized certification authorities (CAs).

This means that a digital certificate can be used to verify the identity of its owner, and the issuing CA also vouches for the contents of the certificate.

With this you have an idea of what a certificate is.

What are the different Types of Certificates available?

Self-Signed Certificates:

A self-signed certificate is an identity certificate signed by the same entity whose identity it certifies. One example is the certificates created by VMware vCenter Server and ESXi.

CA Signed Certificates:

A certificate authority or certification authority (CA) is an entity that issues digital certificates.

The client uses the CA certificate to verify the CA signature on the server certificate, as part of the checks performed before establishing a secure connection. Trusted certificates are typically used to make secure connections to a server over the Internet. A certificate is required in order to prevent a man-in-the-middle attack.

Why do I need Certificates for my environment?

The reasons for using self-signed or CA-signed certificates are:
  • Authentication
  • Encryption
  • Data integrity

What is the difference between Self-signed Certificates and Signed Certificates?

With either self-signed or CA-signed certificates, communication between components such as the vCenter Server and the ESX servers is encrypted.

A self-signed certificate is signed by its owner. Self-signed certificates are generally used for testing local servers, and such a certificate does not carry a verified identity of a person or organization. A self-signed certificate delivers little security for the data that flows in the tunnel between browser and server, so anyone with wrong intentions can harm a server.

A signed certificate is an authorized certificate issued by a trustworthy certificate authority. The Secure Sockets Layer is used to encrypt the data between the web server and the client's browser. When a client visits the site, the address bar shows the authenticity of the website, which boosts the customer's confidence. The information flowing in the tunnel is secure. The most common certificate authorities are Symantec, Thawte, RapidSSL, GeoTrust etc. Both kinds of certificate provide encryption, but only a signed certificate is verified by an authority.

How does SSL work?

The exchange begins when a browser requests a secure page (usually https://):
  1. The web server sends its public key with its certificate.
  2. The browser checks that the certificate was issued by a trusted party, that the certificate is still valid, and that the certificate is related to the site contacted.
  3. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, together with the encrypted URL and other encrypted HTTP data.
  4. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
  5. The web server sends back the requested HTML document and HTTP data, encrypted with the symmetric key.
  6. The browser decrypts the HTTP data and HTML document using the symmetric key and displays the information.
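The three checks from step 2 (trusted issuer, validity period, name matches the site contacted) can be run by hand with openssl, which is also what you reach for when a vCenter or ESXi certificate is rejected. The script below is an added example, not code from the original post: it builds a throw-away CA, a CA-signed server certificate and a self-signed one for the same host, then shows which of them pass. The names demo-ca and vcenter.lab.local are made up, and it assumes an OpenSSL 1.0.2 or later binary on PATH.

```shell
#!/bin/sh
# Added example (not from the original post): runs the browser's step-2 checks
# with openssl against constructed certificates. Host and CA names are made up.
set -e

WORK=$(mktemp -d)
HOST=vcenter.lab.local                       # constructed host name
printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/san.ext"

# Throw-away root CA: plays the role of the "trusted party" (VMCA or a corporate CA).
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# Server key and CSR, then a certificate signed by the CA (valid 30 days).
openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
  -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 30 -extfile "$WORK/san.ext" -out "$WORK/srv.crt" 2>/dev/null

# Same host name, but signed with its own key: a self-signed certificate.
openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
  -keyout "$WORK/self.key" -out "$WORK/self.csr" 2>/dev/null
openssl x509 -req -in "$WORK/self.csr" -signkey "$WORK/self.key" \
  -days 30 -extfile "$WORK/san.ext" -out "$WORK/self.crt" 2>/dev/null

# check_cert CERT HOST [TRUSTSTORE] [EPOCH]: returns 0 when openssl accepts CERT
# for HOST, evaluated at EPOCH (default: now) against TRUSTSTORE (default: the
# demo CA). A non-zero result is the situation where a browser shows a warning.
check_cert() {
  _ca="${3:-$WORK/ca.crt}"
  if [ -n "${4:-}" ]; then
    openssl verify -CAfile "$_ca" -verify_hostname "$2" -attime "$4" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$_ca" -verify_hostname "$2" "$1" >/dev/null 2>&1
  fi
}

# Point in time 60 days from now, i.e. after the server certificate's 30-day lifetime.
later=$(( $(date +%s) + 60 * 86400 ))

verdict() { if check_cert "$@"; then echo "accepted: $1"; else echo "rejected: $1"; fi; }
verdict "$WORK/srv.crt"  "$HOST"                 # CA-signed, right name, still valid
verdict "$WORK/self.crt" "$HOST"                 # self-signed: issuer is not trusted
verdict "$WORK/srv.crt"  "other.lab.local"       # name does not match the site contacted
verdict "$WORK/srv.crt"  "$HOST" "" "$later"     # expired by the time it is checked
```

Only the first certificate passes; the other three fail one of the three checks, which is exactly what a vSphere client reports when a CA root is missing from its trust store, a host name does not match the certificate, or a certificate has expired.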

I hope this is informative for you, and thank you for reading.
