Introduction
In the previous article we saw how to configure a vCenter certificate with an OpenSSL CA.
At Network Pioneers we believe in diversity, so in this article we will discuss how to configure an ESXi certificate with another type of certificate authority (CA): Microsoft ADCS (Active Directory Certificate Services).
network diagram
Please have a look at the network diagram above.
We have:
- Domain controller for AD, DC101.pioneers.lab, with IP address 172.16.100.101 and configured with ADCS
- To see how to configure ADCS, please press here
- ESXI151 with IP address 172.16.100.151
- ESXI152 with IP address 172.16.100.152
- ESXI153 with IP address 172.16.100.153
- vCenter server VCSA161.pioneers.lab with IP address 172.16.100.161
Configuration Steps
Our steps to configure ESXi with an ADCS certificate are:
- Check the current ESXI153 certificate
- Configure the ESXi host ESXI153.pioneers.lab to request a new certificate
- Create a custom certificate based on the request
- Convert the certificate to PEM format
- Import the new custom certificate to ESXI153
- Verify the certificate is installed
check current certificate
Open the web console for ESXI153: https://esxi153.pioneers.lab
create certificate request on ESXI153
First we need to create a certificate request.
Open https://esxi153 > manage > security and users > certificate > import new certificate
create custom certificate for ESX
Now it is time to create a custom certificate based on the ESXI153 request.
ADCS is already installed; to see how to install ADCS, please press here.
Open ADCS: http://dc101.pioneers.lab/certsrv
convert certificate to PEM format
ESXi supports ONLY the .PEM certificate format,
so we have to convert the .cer certificate to .PEM format.
- Download OpenSSL for Windows from here
- Create the folder c:\openssl
- Copy the certificate certnew.cer to c:\openssl
- Unzip the downloaded file and copy the contents of the “bin” folder to C:\OpenSSL
- Then open a command prompt (cmd) and type this:
cd c:\OpenSSL
openssl x509 -inform der -in c:\openssl\certnew.cer -out c:\openssl\certnew.pem
Once converted, you will have 2 certificates:
- the one in Windows format, in “.cer”
- the one in Linux format, in “.pem”
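An added example (not from the original article): a Python alternative to the conversion step that uses only the standard library. It goes beyond the single DER case above by also accepting a certnew.cer that was downloaded from ADCS as Base64, and by rejecting a PKCS#7 chain file. The function names and byte samples are constructed for illustration.

```python
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
# Constructed stand-ins (not real certificates): only the outer ASN.1 shape matters here.
SAMPLE_DER = bytes.fromhex("3006300205000500")            # SEQUENCE { SEQUENCE {...} ... }
SAMPLE_P7B = bytes.fromhex("300b06092a864886f70d010702")  # SEQUENCE { OID signedData }


def der_body_offset(der: bytes) -> int:
    """Return the offset of the first byte inside the outer DER SEQUENCE."""
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("not DER: data does not start with an ASN.1 SEQUENCE")
    if der[1] < 0x80:                 # short form: one length byte
        return 2
    return 2 + (der[1] & 0x7F)        # long form: N further length bytes


def to_pem(data: bytes) -> str:
    """Normalise an issued certificate (DER or Base64) to PEM text."""
    text = data.decode("ascii", errors="ignore")
    if PEM_HEADER in text:
        # Already Base64/PEM: keep the first certificate block, drop CRLF and stray text.
        start = text.index(PEM_HEADER)
        end = text.index(PEM_FOOTER, start) + len(PEM_FOOTER)
        der = ssl.PEM_cert_to_DER_cert(text[start:end])
    elif "-----BEGIN" in text:
        raise ValueError("PEM block is not a certificate (chain or private key?)")
    else:
        der = data
    body = der_body_offset(der)
    # A certificate is SEQUENCE { SEQUENCE tbsCertificate ... };
    # a PKCS#7 chain (.p7b) is SEQUENCE { OID ... }, which is a different file type.
    if body >= len(der) or der[body] != 0x30:
        raise ValueError("DER data is not a single X.509 certificate")
    return ssl.DER_cert_to_PEM_cert(der)


def convert_file(src: str, dst: str) -> None:
    """Read src (e.g. certnew.cer) and write the PEM form to dst (e.g. certnew.pem)."""
    with open(src, "rb") as f:
        pem = to_pem(f.read())
    with open(dst, "w", newline="\n") as f:
        f.write(pem)


if __name__ == "__main__":
    print(to_pem(SAMPLE_DER))
```

The shape check only looks at the first ASN.1 tags; it does not validate the signature, issuer or validity dates, which are still checked in the browser as in the verification step.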
import custom certificate to ESXI
Open https://ESXI153 > manage > security and users > certificate > import certificate
Copy the content of the certnew.pem file and paste it inside.
verify custom SSL certificate on ESXI
Now the new custom certificate has been imported to ESXI153.
To verify the SSL certificate is installed, open https://esxi153
You will notice the certificate is valid and the issuer is DC101.pioneers.lab, NOT the VMware CA.
Also, the certificate is valid for 2 years, NOT 5 years.
conclusion
vSphere certificates can be configured either with the free tool OpenSSL or with Microsoft ADCS (Active Directory Certificate Services).
In the previous article we saw how to configure a vCenter certificate with OpenSSL;
in this article we have seen how to configure an ESXi certificate with Microsoft ADCS.