Configuring CA signed certificates is a challenge with vSphere as with any complex enterprise environment. Securing an environment is a requirement in many large organizations. You need either public certificates (such as Verisign or Globaltrust), Microsoft CA certificates, or OpenSSL CA certificates to ensure a secure communication.
This article provides steps to allow configuration of these certificates on vSphere components in an environment. The article also assumes that all components are installed and running already with self-signed certificates.
Please validate each step below. Each step provides instructions or a link to a document that provides information on configuring the certificates in your environment.
  1. Generate certificate requests and certificates for each of the vCenter Server components. For more information, seeCreating certificate requests and certificates for the vCenter Server 5.1 components (2037432).

  2. Replace the vCenter SSO certificates. For more information, see Configuring CA signed SSL certificates for vCenter SSO in vCenter Server 5.1 (2035011).

  3. Replace the Inventory Service certificates. For more information on this, see Configuring CA signed SSL certificates for the Inventory service in vCenter Server 5.1 (2035009).

  4. Replace the vCenter Server 5.1 certificates. For more information, see Configuring CA Signed Certificates for vCenter Server 5.1 (2035005).

  5. Replace the vSphere Update Manager Update Manager Certificates. For more information, see Configuring CA signed SSL certificates for VMware Update Manager in vSphere 5.1 (2037581).

  6. Replace ESXi 5.x host certificates. For more information, see Configuring CA signed SSL certificates with ESXi 5.x hosts (2015499).

If your issue persists even after trying these steps:

 

Source: VMwareKB

Advertisements