This is the second blog post in the Replacing default certificates in vSphere 6 series. The first post can be found here.
In this blog post we take a look at how to obtain a CA certificate from the CA authority.
Now that we have a CA up and running and the certificate template create for vSphere 6, we can go ahead and download the CA root certificate which we will be using to generate the signing request for vSphere components.
Login into the CA server through a web browser by pointing it to https://<CA-Server>/certsrv. Then click on the Download a CA certificate, certificate chain, or CRL option.
In the next window, select the radio button Base 64 and click on Download CA certificate chain.
This will save the certificate in the p7b format. Save it, open it with the certificate viewer tool and then export it to the .cer format. the p7b is a chain and cannot be used in the process of signing the request or replacing the certificates.
This has to be saved at a location (C:\Certs in our case) so we can use this later. This folder is created on the PSC machine as we will be replacing the certificates in PSC and then proceeding on to the vCenter server.
NOw we can proceed to the next step which is generating the signing requests for the PSC and getting them signed by the CA authority.
Abhilash Basavarajaiah is a Global Technical Alliance Manager and an Ambassador for the Office of the CTO @ VMware.
He is a dynamic IT professional and an ambitious, highly-motivated individual with experience in pre-sales, business development, and
strategic alliances. He experienced in designing and architecting
hybrid cloud infrastructure with a focus on Software-Defined Datacenter.
He is passionate about technology and all things virtual and VMware has recognized him as a VMware vExpert and a vExpert Pro under the Evangelist path for his contribution to the virtualization and cloud computing communities through knowledge sharing and content creation.
Abhilash holds numerous technical certifications from VMware, EMC, Cisco, CNCF, Microsoft, and Rackspace