Introduction

In order to centralize certificate management and unify the procedure of generation of certificates for VMware management components in the whole SDDC stack, the VMware Validated Design Certificate Generation Utility (CertGenVVD) can be used to generate certificate signing request (CSR) files  and automatically sign them using your Microsoft CA authority. This will save you a lot of time and efforts and make sure the generated certificates are compliant with VVD requirements.

In the below post, I will guide you, step-by-step, how to install CertGenVVD tool and use it to generate required certificates for vRealize Automation. The same procedure can be followed by other VMware SDDC products.

CertGenVVD Prerequisites

Read moreNSX-T Tier-1 Service Router (SR) Placement – LAB2PROD

You run the CertGenVVD utility on a Windows operating systems that has the Java SE Development Kit and OpenSSL installed.

  • Operating System: Win 2K12 R2
  • Java SE Development Kit (JDK): 1.7 or later
  • OpenSSL: 1.0.2d or later

Install CertGenVVD Tool

NOTE: The default installation paths are used in the above two powershell commands. Change the JRE version in command according to the version you download.

Create Certificate Template

  • Login to your CA server. Click Windows Start > Run, enter certtmpl.msc, and click OK.
  • In the Certifcate Template Console, under Template Display Name, right-click Web Server and click Duplicate Template.
  • In the Duplicate Template window, leave Windows Server 2003 Enterprise selected for backward compatibility and click OK. If you are using SHA2 encryption level, select Windows Server 2008 Enterprise.
  • In the Properties of New Template dialog box, click the General tab. In the Template display name text box, enter VMware as the name of the new template. Change the validity period according to your needs. 
  • Click the Extensions tab. Edit Application Policies and remove Server Authentication from it. Edit Key usage and select the Signature is proof of origin (nonrepudiation) check box. Leave the default for all other options. Click OK.
  • Click the Subject Name tab, ensure that the Supply in the request option is selected, and click OK to save the template. 
  • To add the new template to your CA, click Windows Start > Run, enter certsrv.msc, and click OK. Right-click Certificate Templates and select New > Certificate Template to Issue
  • In the Enable Certifcate Templates dialog box, select the VMware certifcate that you just created in the Name column and click OK. 

Create Config files

  • Navigate to the CertGenVVD-3.0.1 file location and open default.txt with your favorite text editor. Update the default values according to your organization needs and save. 
  • Open vra.txt in ConfigFiles folder. Edit vra.text to match your environment.You can delete all other txt files if you need only to generate certificate for VRA. The tool will create a certificate for any config file in this folder.Short names and FQDN names for VRA appliances, IaaS Web servers, IaaS manager Servers and their corresponding load balancers will need to be added to the list of subject alternative names (SAN).Note that the parameter values in default.txt will replace the [CERT] values that are set to default in the vra.txt file. 
Read moreVCF, NSX, SD-WAN, AWS – LAB2PROD

Generate MSCA Signed Certificate

Hope this post is informative,

Thank you for reading,

Mohamad Alhussein

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading…

Similar Posts

Keep openEuler Updated

Keep openEuler Updated

sudo reboot dnf check-update sudo nano /etc/dnf/dnf.conf In openEuler, you can find the DNF configuration file at /etc/dnf/dnf.conf. We need to edit this file to change the behavior of DNF…