Replacing vCenter SSL machine certificates in a multi-tier PKI environment - Part 2

In part 1 we created the certificate template, added the CA chain of trust to the VCSA and generated the CSR file needed to request the SSL certificate. In this post we'll grab that CSR, issue the certificate and then install it in the VCSA. First off - connect your SCP client of choice to the VCSA, logging in as the root user. Create yourself a new directory locally for the

Replacing vCenter SSL machine certificates in a multi-tier PKI environment - Part 1

Before reading this: if you don't have a multi-tier Public Key Infrastructure, save yourself some time and go read the walkthrough at https://featurewalkthrough.vmware.com/t/vsphere-6-5/ssl-certificate-replacement-hybrid-mode/ - this is probably all you need if you're in a lab, but in a production environment it's reasonably likely that you'll be in a position where you have an offline root CA, and an online intermediate issuing CA (or potentially even more layers). I came across this myself on a