VMware: Replacing ESX Certificates


On the vmug.nl forum, Erwieno posted a nice guide on replacing ESX certificates. With its clear explanation, it is well worth publishing here too.

– What you need:

OpenSSL
WinSCP
PuTTY
Certificate Authority (Windows 2003)

– Steps to perform:

Install the Certificate Authority on Windows Server 2003:
Follow the installation steps; when asked for the Common Name, fill in the server name.

— Download and install Root CA

Download the CA Certificate from the CA server at “http://servername/certsrv” and select “Base64”.
Install the CA Certificate on the machine with OpenSSL installed.

— Install OpenSSL:

Generate a new key:
openssl genrsa 1024 > rui.key
openssl req -new -key rui.key -config openssl.cfg > rui.csr
When asked for the common name, fill in the hostname of the server.

Open the .csr file in Notepad (this file is generated in the OpenSSL bin directory).
Paste the contents of the rui.csr file into the field “Saved Request:” and, for “Certificate Template:”, choose “Web Server”.

On the Certificate Authority server, go to the Certification Authority MMC.
Go to Pending Requests.
Issue the request.

Select “Base 64 encoded” and download the certificate (rename it to rui.crt) to the bin directory in which you were working in the command prompt
Back in the command prompt, run: openssl pkcs12 -export -in rui.crt -inkey rui.key -name FQDNofServer -out rui.pfx

— Convert the certificate file to text format so that it works correctly for ESX:

openssl.exe x509 -text -in rui.crt -out rui.txt
rename rui.crt to rui_nontext.crt
rename rui.txt to rui.crt

For ESX, start a WinSCP session and go to /etc/vmware/ssl.
Back up the old certificates.
Copy the new certificates there.

— Start a PuTTY session to the ESX server:

#bash service mgmt-vmware restart
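
A check worth running before the new files are copied into /etc/vmware/ssl and the management service is restarted, as an added example that is not part of the original guide: it confirms that rui.crt matches rui.key, chains to the downloaded root CA and carries the expected common name, and it reports the key size. It is written for a POSIX shell with OpenSSL; the function name check_esx_cert and the root CA file passed to it are assumptions.

```shell
#!/bin/sh
# Added example: pre-deployment checks for the rui.crt / rui.key pair.
# Usage: check_esx_cert <cert> <key> <root-ca-cert> <expected-hostname>
check_esx_cert() {
    crt=$1 key=$2 ca=$3 host=$4 fail=0

    # 1. The certificate must carry the public key of rui.key. A mismatch
    #    means the CA signed a CSR that was made from a different key.
    cm=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || cm=
    km=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || km=
    if [ -n "$cm" ] && [ "$cm" = "$km" ]; then
        echo "OK    certificate matches private key"
    else
        echo "FAIL  certificate does not match private key"; fail=1
    fi

    # 2. The certificate must chain to the root CA downloaded from /certsrv.
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "OK    certificate chains to $ca"
    else
        echo "FAIL  certificate does not verify against $ca"; fail=1
    fi

    # 3. The common name must be the host name entered in the CSR.
    subj=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$crt" 2>/dev/null |
           sed 's/^subject= *//')
    case ",$subj," in
        *",CN=$host,"*) echo "OK    CN is $host" ;;
        *) echo "FAIL  CN is not $host (subject: $subj)"; fail=1 ;;
    esac

    # 4. Report the RSA key size; sizes under 2048 bits only raise a warning.
    bits=$(openssl x509 -noout -text -in "$crt" 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -ge 2048 ]; then
        echo "OK    RSA key size is $bits bits"
    else
        echo "WARN  RSA key size is ${bits:-unknown} bits (below 2048)"
    fi

    return "$fail"
}

# Run the checks when the script is called with its four arguments.
if [ "$#" -eq 4 ]; then check_esx_cert "$@"; fi
```

The function accepts rui.crt in either form, before or after the text conversion step, because OpenSSL reads the PEM block and skips the text in front of it.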


1 thought on “VMware: Replacing ESX Certificates”

  1. Thanks for another magnificent article. Where else may just anyone get that type of info in such an ideal means of writing?
    I have a presentation next week, and I am on the search for such information.
