To generate certificates suitable for VMware vCenter Server, you will need to create a new certificate template on your certificate authority on Windows Server.
To do this, open the "Certification Authority" console on your server on Windows Server and right-click "Manage" on "Certificate Templates".
To get started, duplicate the "Web Server" template.
In the "Properties of New Template" window that appears, go to the "Compatibility" tab.
For the "Certification Authority" option, select "Windows Server 2008 R2" at most.
Otherwise, a new version 4 certificate template will be created. Which means that it will not be available in the web interface of your certification authority on Windows Server.
Source : Windows Server 2012: Certificate Template Versions and Options.
A "Resulting changes" window appears following the modification of the "Certification Authority" compatibility.
Click OK.
Then, for the certificate recipient, select "Windows 8 / Windows Server 2012".
Note: this supports an encryption algorithm higher than SHA1. Which should be the case for you since SHA1 causes a warning to be displayed with Microsoft's "Edge" web browser.
Indeed, Edge considers the SHA1 algorithm to be weak.
Again, a "Resulting Changes" window appears.
Click OK.
Note: as you can see, the "Base Constraints" extension will be added to this template.
Which is one of the prerequisites described by VMware for the certificate template to create.
Once you make these changes, you should get this.
Note that the most important thing is that the recipient of the certificate is: Windows 8 / Windows Server 2012.
In the "General" tab, specify "vSphere 6.x" as the full template name.
Which will also change the template name to "vSphere6.x" (in other words, the same thing without the spaces).
In the "Extensions" tab, select "Application Policies" and click "Edit".
In the "Edit Application Policies Extension" window, remove the "Server Authentication" application policy that is currently present.
If applicable, also remove client authentication if it is also present.
Then click OK to close this window.
In this "Extensions" tab, this time select "Basic Constraints" and click on "Edit".
In the "Edit Base Constraint Extension" window, check the "Enable this extension" box and click OK.
This time, select "Key Usage" and click "Edit."
In the "Edit Key Usage Extensions" window that appears, check the "Signature is proof of origin (nonrepudiation)" box and click OK.
Note: leave the other options as default.
Finally, in the "Subject Name" tab, verify that the "Supply in the request" option is selected and click OK.
The new "vSphere 6.x" certificate template created appears in the complete list of certificate templates.
For this new template to be usable, you must first right-click "New -> Certificate Template to Issue" on "Certificate Templates".
Select the "vSphere 6.x" certificate template from the list and click OK.
This new "vSphere 6.x" certificate template appears in the "Certificate Templates" folder.
To obtain a valid SSL certificate for your VMware vCenter Server (VCSA), you must first create a certificate signing request (CSR).
To do this, in the "Machine SSL Certificate" section, click on the "Actions -> Generate Certificate Signing Request (CSR)" link for the "__MACHINE_CERT" certificate.
A "Generate CSR" window appears.
Fill in the different fields offered:
Once you have provided the information, click Next.
Note: if necessary, refer to the prerequisites indicated by VMware: Replace Machine SSL Certificate with Custom Certificate.
The certificate request to submit to your certification authority on Windows Server appears.
Plain Text
-----BEGIN CERTIFICATE REQUEST----- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.... -----END CERTIFICATE REQUEST-----
VMware 6/29/2022
VMware 8/2/2024
VMware 8/23/2024
VMware 2/14/2024
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
No comment