• Creating the certificate request
• Getting the certificate
• Installation and configuration of the certificate in vCenter Server

• You have a vSphere 5.1 Environment
• All certificates and corresponding files are already generated per the workflow in Implementing CA signed SSL certificates with vSphere 5.x (2034833).
  

Installation and configuration of the certificate in vCenter Server

1. Log in to vCenter Server as an administrator.
2. If you have not already imported it, double-click the c:\certs\Root64.cer file and import the certificate into the Trusted Root Certificate Authorities > Local Computer Windows certificate store. This ensures that the certificate server is trusted.
3. Backup the rui.crt, rui.key, and the rui.pfx certificates for vCenter Server.
   
   By default, the certificates are located at:

• In Windows 2008 - C:\ProgramData\VMware\VMware VirtualCenter\SSL
• In Windows 2003 - C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL

1. Copy the new certificates (from c:\certs\vCenter, if you are following this resolution path) to the SSL directory for your operating system listed in Step 3.
2. Open rui.crt in a text editor and validate that the first line of the file begins with -----BEGIN CERTIFICATE-----. If there is any text prior to this, remove it. The code that validates the certificate may fail in Step 5 if there is additional text.
3. Go to https://localhost/mob/?moid=vpxd-securitymanager&vmodl=1 on the vCenter Server and load the certificates for the configuration by using the Managed Object Browser (MOB).
   
   Note: If the Managed Object Browser of the vCenter Server has been disabled per the VMWare vSphere Hardening Guide, this prevents access and display the error: 503 Service Unavailable. To resolve this issue, see vCenter Server Managed Object Browser (MOB) reports a 503 Service Unavailable error (2042554).
   
   
4. Click continue if you are prompted with a certificate warning.
5. Enter a vCenter Server administrator username and password when prompted.
6. Click reloadSslCertificate.
7. Click Invoke Method. If successful, the window shows this message: Method Invocation Result: void.
8. Close both windows.
9. Open a command prompt on vCenter Server and change to the isregtool directory. By default, this is C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool.
10. Run this command to register the vCenter Server to the inventory service:
    
    register-is.bat vCenter_Server_URL Inventory_Service_URL SSO_Lookup_Service_URL
    
    Where these URLs are the typical URL (modify if ports are different):
    
11. vCenter_Server_URL is https://server.domain.com/sdk
12. Inventory_Service_URL is https://server.domain.com:10443/
13. SSO_Lookup_Service_URL is https://server.domain.com:7444/lookupservice/sdk
    
    If the command is successful, you see a message similar to:
    
    
    Note: If the return code is not 0 0, an error has likely occurred in the command. Review the text to see the error. The most common error is a mistyped URL in one of the three services.
    
    
14. Change to the vCenter Server directory. By default, this is C:\Program Files\VMware\Infrastructure\VirtualCenter Server\.
15. Run this command:
    
    vpxd -p
    
    
16. Type the password for the vCenter Server database user to encrypt the password with the new certificate.
17. Restart the VMware VirtualCenter Server service from the service control manager (services.msc)
18. Restart the VMware vSphere Profile Driven Storage Service.
19. After the initial restart of the services, wait for 5 minutes. If the VMware vSphere Profile Driven Storage service stops during this time, restart it.
20. Navigate to https://vcenterserver.domain.com/ and validate the certificate.