VMware Support Alert – Implementing CA signed SSL certificates with vSphere 5.1

In our effort to provide our viewers with up to the minute information on VMware related news and topics, we’re posting the following Special Alert direct from VMware Support Insider.

SSLOne of the most common things we see in VMware Global Support Services (GSS), regardless of product, version, or customer, is the need to implement custom certificates. This could be for a number of reasons:

  • Security
  • To get rid of the warning when you first login
  • You like a challenge

Whatever the case may be, in vSphere 5.1, the process has changed due to the addition of vCenter Single Sign On (SSO), which adds complexity to the procedure. This is because the majority of services register themselves to SSO. As a result of changing the certificates, the services also need to be re-registered.

As a result of repeated question from customers coming in on this, we gathered our Professional Services, Engineering, and Technical Writers to develop the following Resolution Path to guide you through the various steps through to completion (you can read more about resolution path articles here).

Resolution Path Article:

Child articles in the resolution path are:

Note: It is recommended that you follow the articles in the sequence provided as many steps are dependent on each other.

We have also created an article with the steps for vCenter Server Appliance 5.1:

Finally, we have updated these vSphere 5.0 articles thanks to feedback received on them:

Note: The vCenter Service fails to start up issue is now resolved in vCenter Server 5.1.0a. For more details, refer to KB article:
vCenter Server Services hang on startup after upgrading to vCenter Server 5.1 (2035623).

We hope that this helps everyone through their SSL implementation. If you find any errors or anomalies, there’s a feedback form at the bottom of every article. We will be keeping an active eye on your feedback!

Created on October 31, 2012 by Rick Scherer

Posted under Alert, Security, vCenter, vSphere.

This blog has 4,666 views.

Tags: , , , ,

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

5 Comments so far

  1. Tom
    4:00 pm on October 31st, 2012

    Must they be certs purchased from a company??
    Can we use self-signed certs??
    Thank you, Tom

  2. Rick Scherer
    4:45 pm on October 31st, 2012

    Tom, you can use self-signed certificates but there are some caveats that you need to be aware of. This includes the necessity of requiring separate certs for a number of vCenter services, as well as a potential issue if you’re using the default Microsoft CA with the default “Web Server” certificate.

    Derek Seaman does a great job going into detail on how to create and use SSL certs for vCenter. Check out his blog post: http://derek858.blogspot.com/2012/09/vmware-vcenter-51-installation-part-2.html

  3. Tom
    12:29 pm on November 1st, 2012

    The OBVIOUS no-brainer solution is for the vCenter install ITSELF to check whether the server or whatever has the ability to create Windows certs, then offer this option to the user, plus the option to obtain software for and create Open SSL certs.

    The obvious 3rd-party market is something that automates the above processes for people.

    VMware should be doing all this cert stuff FOR us if they insist on this excessively complicated cert system.

  4. Phil
    1:30 pm on November 1st, 2012

    So I guess a quick clarification — if I’m installing vSphere/vCenter/SRM 5.1… is any of this required?

  5. Rick Scherer
    4:04 pm on November 1st, 2012

    Not required, there are default SSL certificates that could be used.

Leave a Comment

Name (required)

Email (required)



More Blog Post