File generation procedure for the Certificate Automation Tool
search cancel

File generation procedure for the Certificate Automation Tool

book

Article ID: 330162

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The purpose of this article is to clarify the file handling process to prepare the certificate files for use by the Certificate Automation Tool.



Resolution

This diagram details the process and steps to deploy, replace, and update the certificates used in vSphere.



Additional Information

This article does not apply to the vCenter Server Appliance.SSL certificates, WindowsGenerating certificates for use with the VMware SSL Certificate Automation Tool
Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 5.x
Recovering from expired SSL Certificates in VMware vCenter Server 5.1
Certificate Automation Tool によるファイルの生成手順について

Impact/Risks:
Pay close attention to these steps when updating the certificates in your vSphere environment:
  1. Generate the certificate file request perfectly.
  2. Ensure to match the .csr and the .cer file with the correct rui.key file for each service.
  3. Verify that the templates comply with the requirements when using a Microsoft-based CA. For more information, see Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 5.x (2062108).
  4. Verify that the PEM file has the correct order of certificates with no blank spaces in between each certificate in the chain.
  5. Ensure to follow this for each vSphere component. Each file pair (.cer and rui.key) must be applied individually per component.
Note: If the vSphere components are installed on separate servers, this process must be performed on each server.
For information to update the certificates on a vSphere system in which the certificates have expired, see Recovering from expired SSL Certificates in VMware vCenter Server 5.1 (2097692).