In this blog post we will go over the steps outlined in the VMware Knowledgebase article 2112009 for the creation of Machine SSL and Solution User certificates in a Microsoft Certificate Authority (CA). The next blog on replacing the Machine SSL certificate will reference this blog.

The Machine SSL certificate is the certificate you get when you open the vSphere Web Client in a web browser. It is used by the reverse proxy service on every management node, Platform Services Controller, and embedded deployment. You can replace the certificate on each node with a custom certificate.

A solution user is a collection of services. Several vCenter Server solution users are predefined and authenticate to vCenter Single Sign-On.

The requirements are that you are running a Windows Server and have a working Certificate Authority role configured. In my example, I used a Windows 2012 server running as a virtual machine on my Mac via VMware Fusion. You can use other versions of Windows and the UI is pretty much the same. If you want to try this out yourself in a lab environment, check out my PowerShell script for building a Windows 2012 Domain Controller. The latest version of the script also sets up the system as a certificate authority using the following PowerShell commands.

    # Lab values from the script. SHA1 signatures are deprecated; SHA256 is also a valid -HashAlgorithmName value.
    Install-AdcsCertificationAuthority -CACommonName "Root CA" -CAType StandaloneRootCA -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -HashAlgorithmName SHA1 -KeyLength 2048 -ValidityPeriod Years -ValidityPeriodUnits 20 -Force

Creating a new template for vSphere 6.0 to use for Machine SSL and Solution User certificates

What you'll want to do first is log into your Windows server, click Start > Run, type certtmpl.msc and click OK. This starts up the Certificate Templates Console. You'll see a laundry list of different certificate templates from Domain Controller to Smartcard Logon and more. We'll be creating a new template for use by the Machine SSL and Solution User certificates. These are what we'll submit our Certificate Signing Requests (CSRs) against.

1. In the Certificate Template Console, under Template Display Name, right-click Web Server and click Duplicate Template.
2. In the Duplicate Template window, select Windows Server 2003 Enterprise for backward compatibility.
   - The UI may not show "Windows Server 2003 Enterprise" unless you are running an Enterprise edition of Windows.
   - If you have an encryption level higher than SHA1, select Windows Server 2008 Enterprise.
3. Click the General tab.
4. In the Template display name field, enter vSphere 6.0 as the name of the new template.
5. Click the Extensions tab.
6. Select Application Policies and click Edit.
7. Select Server Authentication and click on Remove and then OK.
8. Select the Signature is proof of origin (nonrepudiation) option. Leave all other options as default.
9. Click the Subject Name tab. Ensure that the Supply in the request option is selected.
10. Click OK to save the template.

Adding a new template to certificate templates

Now that we have created the certificate template for vSphere 6.0 to use for Machine SSL and Solution User certificates, it's time to add it to the list of templates that we can select when submitting our CSRs.

1. From the server desktop, click Start > Run, type certsrv.msc, and click OK.
2. In the left pane of the Certificate Console, if collapsed, expand the node by clicking the + or ▹ icon.
3. Right-click Certificate Templates and click New > Certificate Template to Issue.
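Once the CA issues a certificate from the vSphere 6.0 template, the settings chosen in the template steps on this page can be checked on the certificate itself. The following is an added example, not part of the original post or of the author's script: the function name Test-VSphereTemplateCert, the subject CN=vcenter.lab.example and the in-memory self-signed test certificate are all constructed for illustration, and it assumes PowerShell 7 (or .NET Framework 4.7.2 or later) for the CertificateRequest class.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: reports whether a certificate matches the template
# settings from the steps on this page (Server Authentication removed from
# Application Policies, nonrepudiation set in Key Usage).
function Test-VSphereTemplateCert {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $ku  = $Cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }

    # A certificate with no EKU extension has an empty list here.
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Subject            = $Cert.Subject
        SignatureAlgorithm = $Cert.SignatureAlgorithm.FriendlyName
        HasNonRepudiation  = [bool]($ku -and
            ($ku.KeyUsages -band [X509KeyUsageFlags]::NonRepudiation))
        ServerAuthRemoved  = $ekuOids -notcontains $serverAuthOid
    }
}

# Constructed test input: a throwaway self-signed certificate carrying the
# key usages the template is expected to produce. It is not issued by the CA.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=vcenter.lab.example', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$flags = [X509KeyUsageFlags]'DigitalSignature, NonRepudiation, KeyEncipherment'
$req.CertificateExtensions.Add([X509KeyUsageExtension]::new($flags, $true))
$testCert = $req.CreateSelfSigned([DateTimeOffset]::Now,
    [DateTimeOffset]::Now.AddDays(1))

Test-VSphereTemplateCert -Cert $testCert | Format-List
```

To check a certificate the CA actually issued, load the exported .cer file with [X509Certificate2]::new and pass it to the function in place of the test certificate.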