Configuring CA signed certificates is a challenge with vSphere as with any complex enterprise environment. Securing an environment is a requirement in many large organizations. You need public certificates (such as Verisign, enterprise certificates, Microsoft CA, or OpenSSL CA) to ensure a secure communication. This article provides steps to allow configuration of these certificates on vSphere components in an environment.
Please validate each step below. Each step provides instructions or a link to a document that provides information on configuring the certificates in your environment.
Note: You do not need to follow all the steps. However, it is recommended that certificates are replaced for all components in a vSphere environment.
-
-
Configuring vCenter Server 5.0 certificates should be the first step in a deployment. In a new installation, it also reduces the amount of overhead required for implementation because hosts need not be reconnected to vCenter Server. In an existing configuration, ESXi hosts must be reconnected after configuring the certificate because the password used to connect to vCenter Server is encrypted with the certificate. At this point, vCenter Server should be installed and configured appropriately and all functions (such as, Web services including Hardware Status) should be functional. If they are not working before the configuration of the certificates, they will not work later. For more information, see
Configuring CA signed certificates for VMware vCenter Server 5.0 (2015421).
-
If your issue persists even after trying these steps:
- Collect the custom certificate configuration information, including the OpenSSL configuration file (normally openssl.cfg), rui.key, rui.crt, and rui.csr.
- Gather the VMware Support Script Data. For more information, see Collecting diagnostic information for VMware products (1008524) .
- File a support request with VMware Support, include the gathered information, and note this Knowledge Base article ID (2015383) in the problem description. For more information, see How to Submit a Support Request .