If you have never had the “Oh So Wonderful” fun involved with replacing and/or updating SSL certificates within your VMware infrastructure, you should consider yourself fortunate. For those of us who have, VMware has delivered a tool to save our sanity. Enter the vCenter Certificate Automation Tool. According to VMware, the two main purposes of the tool are:
- Certificate Signing Request generation and Certificate update – Helps with certificate deployment and trust update. Note that the tool does not generate custom certificates for you. You are expected to generate these certificates offline following the instructions in this document.
- Update Steps Planner – Allows you to plan the sequence of certificate updates for the components. This prevents errors in the process that might otherwise occur.
Per VMware, in order to utilize the tool, you must meet all of the following requirements:
- Administrative privileges on the server(s) on which you are running the tool. Although non-administrator users can download and launch the tool, all operations fail without the proper permissions.
- Access to each server that has vSphere components for which the SSL certificate should be updated.
- All vCenter Server components for which the certificates are to be updated are already installed and running.
- The new certificates and private keys already exist and you know the location of the new certificates. For increased security, generate each certificate and private key on the machine where it will be used.
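Because the tool expects the certificates and private keys to already exist, it is worth checking each pair before starting an update sequence. The following pre-flight check is an added example, not part of the original post or of VMware's tool; the function name `check_pair`, the 30-day validity margin, the return codes, and the assumption of unencrypted PEM files are all choices made for this illustration.

```shell
#!/bin/sh
# Added example (not VMware's code): verify one certificate/private-key pair
# before handing it to a certificate update. Assumes the openssl CLI and
# unencrypted PEM files; paths are supplied by the caller.
#
# Return codes (assumed for this example):
#   0 ok, 1 file missing/unreadable, 2 certificate does not parse,
#   3 private key does not parse, 4 key does not match certificate,
#   5 certificate expires within the requested margin

check_pair() {
    cert=$1
    key=$2
    min_days=${3:-30}   # assumed safety margin, in days

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "missing or unreadable: $cert / $key" >&2; return 1; }

    # Parse each file first, so that two unreadable inputs can never
    # compare as "equal" further down.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "not a PEM certificate: $cert" >&2; return 2; }
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null || {
        echo "not a usable private key: $key" >&2; return 3; }

    # Extract the public key from both sides and normalise it through the
    # same encoder before comparing.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl pkey -pubin -pubout)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate: $cert" >&2; return 4; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "certificate expires within $min_days days: $cert" >&2; return 5; }

    return 0
}

# Stand-alone use: check_pair.sh <cert.pem> <key.pem> [min_days]
if [ "$#" -ge 2 ]; then
    check_pair "$@" && echo "OK: $1"
fi
```

Run it once per component's certificate and key, on the machine where that pair will be used.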
For complete details, be sure to check out the VMware KB articles below:
- Deploying and Using the SSL Certificate Automation Tool 5.5
- Generating certificates for use with the VMware SSL Certificate Automation Tool