Wissensdatenbank
Buehl, Kevin
18 Dezember 2016
5.051

Wissensdatenbank

VMware vCenter Server Appliance 6.5 SSL Zertifikat austauschen

Vorwort


Ich erkläre hier wie Sie in einer VMware vCenter Server Appliance (vcsa) das SSL Zertifikat austauschen.

Zertifikat


Kopieren


Um das VMware Standard SSL-Zertifikat ersetzen zu können, müssen Sie Ihr Zertifikat auf die VMware vCenter Server Appliance kopieren.
mkdir /tmp/cer/
rsync --numeric-ids -avze ssh fileserver.4b42.net:/ssl /tmp/cer/
The authenticity of host 'fileserver.4b42.net (10.48.42.1)' can't be established.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fileserver.4b42.net,10.48.42.1' (ECDSA) to the list of known hosts.
root@fileserver.4b42.net's password:
receiving incremental file list
san/
san/san.bdl
san/san.crt
san/san.csr
san/san.key
san/san.pfx
san/vmware.crt


Ersetzen


/usr/lib/vmware-vmca/bin/certificate-manager
                 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 6.0 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 1

Please provide valid SSO and VC priviledged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:
1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate

2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate

Option [1 or 2]: 2

Please provide valid custom certificate for Machine SSL.
File : /tmp/cer/san.bdl

Please provide valid custom key for Machine SSL.
File : /tmp/cer/san.key

Please provide the signing certificate of the Machine SSL certificate
File : /tmp/cer/vmware.crt

You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : y
Get site nameCompleted [Replacing Machine SSL Cert...]
4b42
Lookup all services
Get service 4b42:850eae31-e689-4581-85ec-26c935cfb662
Update service 4b42:850eae31-e689-4581-85ec-26c935cfb662; spec: /tmp/svcspec_aKIg5n
...
Updated 29 service(s)
Status : 100% Completed [All tasks completed successfully]