Creating CA assigned certificates for vSphere is a complex task. In many organizations, it is required in order to maintain proper security for regulatory requirements. Several different workflows are required for successful implementation:
- Creating the certificate request
- Getting the certificate
- Installation and configuration of the certificate in the vSphere Update Manager
These steps must be followed to ensure successful implementation of a custom certificate for vSphere Update Manager. Before attempting these steps, ensure that:
Installation and configuration of the certificate for vSphere Update Manager
To complete the installation and configuration of the certificate for vSphere Update Manager after the certificate has been created:
- Log in to the vSphere Update Manager server as an administrator.
- If you have not already imported it, double-click the c:\certs\Root64.cer file and import the certificate into the Trusted Root Certification Authorities > Local Computer Windows certificate store. This ensures that the certificate server is trusted.
- Back up the current certificates. By default, vSphere Update Manager stores its certificates in the C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL directory.
- Copy the new certificate files to this directory replacing the current ones. If you are following the series of articles in the resolution path, the certificates are located in C:\certs\Update Manager.
- Stop the vSphere Update Manager Service and the vSphere Update Manager UFA services from the services control manager (services.msc).
- Launch the VMwareUpdateManagerUtility.exe application. By default, it is located in C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
- When prompted, enter the correct credentials to log in to the utility.
Notes:
- If the system becomes unresponsive and then fails, and vCenter Server is on the same system as vSphere Update Manager, try using 127.0.0.1:80 as the address for vCenter Server. If you cannot log in, file a Support Request with VMware Support and quote this Knowledge Base article ID (2037581) in the problem description. For more information, see Filing a Support Request in Customer Connect (2006985).
- If Update Manager is not installed on the same system as vCenter Server, the loopback address does not work. In this case, edit the hosts file located at c:\windows\System32\drivers\etc\ and add an alternate DNS name for vCenter Server. For example, if vCenter1.acme.com is the vCenter Server at 10.10.10.10, add 10.10.10.10 vc1.acme.com and use this alternate name to log in to the utility.
- Click the SSL Certificate link.
- Select the Followed and verified the steps option.
- Click Apply.
- Click OK when you see the message:
Restart the VMware vSphere Update Manager service to apply the setting
- Start the vSphere Update Manager and vSphere Update Manager UFA services.
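The backup, copy, and service-stop steps above can be scripted with a check that the new certificate chains to a root trusted by the Local Computer store before anything is overwritten. This is an added example, not VMware's own tooling. It assumes an elevated PowerShell 4.0 or later session, that the new certificate file has a .crt extension, that the service display names contain "vSphere Update Manager", and a hypothetical backup location under C:\certs.

```powershell
$ErrorActionPreference = 'Stop'

# Default paths named in the article.
$SslDir = 'C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL'
$NewDir = 'C:\certs\Update Manager'
# Hypothetical backup location (assumption, not from the article).
$BackupDir = "C:\certs\UpdateManager-SSL-backup-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

# 1. Validate the new certificate against the machine trust store.
#    Assumption: the certificate is the first *.crt file in $NewDir.
$crtFile = Get-ChildItem -Path $NewDir -Filter *.crt | Select-Object -First 1
if (-not $crtFile) { throw "No .crt file found in $NewDir" }

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $crtFile.FullName
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true  # machine context
# Revocation is skipped here, so this checks the trust path and validity dates only.
$chain.ChainPolicy.RevocationMode = 'NoCheck'

if (-not $chain.Build($cert)) {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    throw "Chain validation failed for $($cert.Subject): $reasons"
}
"Chain OK: $($cert.Subject), expires $($cert.NotAfter)"

# 2. Back up the current certificates into a timestamped directory.
New-Item -ItemType Directory -Path $BackupDir | Out-Null
Copy-Item -Path (Join-Path $SslDir '*') -Destination $BackupDir -Recurse

# 3. Copy the new files over the current ones and confirm each copy by hash.
Copy-Item -Path (Join-Path $NewDir '*') -Destination $SslDir -Force
foreach ($f in Get-ChildItem -Path $NewDir -File) {
    $src = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $dst = (Get-FileHash -Path (Join-Path $SslDir $f.Name) -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Hash mismatch after copy: $($f.Name)" }
}

# 4. Stop the Update Manager services (matched by display name, an assumption).
Get-Service -DisplayName '*vSphere Update Manager*' |
    Stop-Service -Force -PassThru |
    Format-Table Name, DisplayName, Status
```

The backup directory contains the previous private key, so restrict its ACL to administrators or remove it once the new certificate is confirmed working.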