Skip to content

vCenter Certificate Automation Tool v 1.0 and Single Sign-Update

by on April 25, 2013

vCenter Certificate Automation Tool v 1.0

VMware released a new tool this month for managing custom certificates for vCenter and management components. Custom certificates are those from an internal CA or commercial entity such as VeriSign.

The tool, which is in a zip file, and a Getting Started guide MS Word document, can both be downloaded from the vSphere 5.1 software page under the Drivers & Tools tab under Automation Tools and SDKs.

The tool provides a command line utility for updating these types of certificates
1. Secure token Service Certificate
2. Solution User Certificates
3. SSL Certificates

• vCenter Server
• vCenter Single Sign On
• vCenter Inventory Service
• vSphere Web Client
• vCenter Log Browser
• VMware Update Manager (VUM)
• vCenter Orchestrator (VCO)

It does not update certificates on ESXi hosts. The tool only works on Windows platforms and has been tested on Windows 2003 R2 SP2 and Windows 2008 R2 SP1.

The tool actually provides the correct order for one at a time installation/update of SSL certificates on the vCenter components. Each component update appears and may have one or more steps to it.

Initially the Update Steps Planner is run and it presents instructions to copy to ensure the install/update is performed in the correct order. Below is an image from kb article 2041600 “Deploying and using the SSL Certificate Automation Tool” demonstrating the detailed process presented when the Planner is run.

(click to enlarge)

The vCenter Certificate Automation Tool does not generate the certificates. VMware KB article 2044696 “Generating certificates for use with the VMware SSL Certificate Automation Tool” provides step by step instructions for generating SSL certificates. The instructions are based on a prerequisite set up of the environment that includes the installation of OpenSLL v0.9.8 installed in C:\OpenSSL-Win32. The steps detail the many items that are manually configured to use the Certificate Automation Tool. Once completed, you have referenceable directory locations and files for use with the tool.

Single Sign On Update

The VMware blog page on SSO has been updated with multiple articles on understanding, implementing and troubleshooting VMware SSO. Scroll down the page and 65 KB articles are listed for SSO.

As always Gotham Technology Group’s technical staff is available to assist with these processes.

From → Uncategorized

Comments are closed.

%d bloggers like this: