In this post I cover the VMware components that require certificates and how to create the CSR using OpenSSL. Each of the following components needs its own unique signed or self-signed certificate, so we install and configure a certificate for each of the following VMware vSphere components:
- ESXi host
- vCenter components
  - vCenter Server
  - Inventory Service
  - Web Client Service
  - Log Browser
- VMware vCenter Update Manager

- Create a certificate-signing request (CSR).
- Generate a certificate from the CSR.
Create Certificate-Signing Requests (CSR) for vCenter Server using OpenSSL
- Install all the prerequisites for OpenSSL and then install the OpenSSL application.
- Now use the openssl.cnf file as the template for creating Certificate-Signing Requests (CSRs). That is, use the openssl.cnf file to create a separate CSR for each of the components mentioned above (ESXi, vCenter, Web Client, etc.).
- This "openssl.cnf" file can be found in the C:\<OpenSSL_Install_Dir>\bin folder.
- Generate the RSA key for the vCenter Server system and the CSR.
openssl req -new -nodes -out mycsr.csr -config openssl.cnf
- When prompted, type the fully qualified host name as the system's Common Name.
- Send the certificate request to the commercial certificate authority of your choice and wait for the return of the signed certificate. Or, sign the request using your local root certificate authority:
- At the prompt, type the password needed to access the root key.
- You now have a newly generated and signed rui.crt for the specified system, and the private key for the system (rui.key).
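The CSR steps above, scripted once per component, as an added example that is not from the original post: it writes a separate openssl.cnf for each component, runs the post's `openssl req` command against it, and checks the request before it goes to a CA. The organization, OU values, hostnames, the rui.csr file name and the function names are assumptions made for illustration, and the script targets a POSIX shell rather than the Windows prompt.

```shell
#!/bin/sh
# Added example. Organization, OU values, hostnames and rui.csr are constructed.

# write_cnf <ou> <fqdn> <dir>: write one openssl.cnf per component so every
# CSR gets its own subject and its own key pair.
write_cnf() {
    mkdir -p "$3" || return 1
    cat > "$3/openssl.cnf" <<EOF
[ req ]
default_bits       = 2048
default_md         = sha256
default_keyfile    = rui.key
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
organizationName       = Example Org
organizationalUnitName = $1
commonName             = $2

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$2
EOF
}

# make_csr <ou> <fqdn> <dir>: new RSA key (rui.key) plus CSR (rui.csr).
# -nodes leaves the key unencrypted, so restrict its permissions.
make_csr() {
    write_cnf "$1" "$2" "$3" || return 1
    ( cd "$3" &&
      openssl req -new -nodes -out rui.csr -config openssl.cnf 2>/dev/null &&
      chmod 600 rui.key )
}

# check_csr <dir> <fqdn> <ou>: the self-signature must verify and the request
# must carry the expected OU and DNS name before it is sent for signing.
check_csr() {
    csr="$1/rui.csr"; cnf="$1/openssl.cnf"
    openssl req -in "$csr" -config "$cnf" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    text=$(openssl req -in "$csr" -config "$cnf" -noout -text) || return 1
    printf '%s\n' "$text" | grep -q "Subject:.*$3" || return 1
    printf '%s\n' "$text" | grep -qF "DNS:$2"
}
# Usage: make_csr vCenterServer vc01.example.test ./vcenter
```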