Replacing vCenter SSL machine certificates in a multi-tier PKI environment - Part 2

So in part 1 we created the certificate template we needed, added the CA chain of trust to the VCSA and generated the CSR file we need in order to get the SSL certificate that we need. In this post we'll grab that CSR, issue the certificate and then install it in the VCSA. First off - connect your SCP client of choice to the VCSA, logging in as the root user. Create yourself a new directory locally for the

Replacing vCenter SSL machine certificates in a multi-tier PKI environment - Part 1

Before reading this: if you don't have a multi-tier Public Key Infrastructure, save yourself some time and go read the walkthrough at https://featurewalkthrough.vmware.com/t/vsphere-6-5/ssl-certificate-replacement-hybrid-mode/ - this is probably all you need if you're in a lab, but in a production environment it's reasonably likely that you'll be in a position where you have an offline root CA, and an online intermediate issuing CA (or potentially even more layers). I came across this myself on a

IDP Error [31] when trying to join to domain

So today I spent a couple of hours troubleshooting an issue that I've dealt with (and resolved in the same way) a number of times before. As such, this is a reminder to myself rather than anyone else; however, if it helps you out then... all the better! I built a domain recently based on Windows Server 2012R2, joined the VCSA (v6) in with no issues and then continued the build. I then get to the point where the core