SSL Certificate Automation Tool - Past Blogs

I wanted to post these here as they were my first initial Blog Posts, created prior to this blog existing. I was heavy into the development and testing of the Tools until I transitioned into Professional Services Engineering.  The following should still be of great use though, as the process is still incredibly complex.  I hope to see everything get much simpler in the future.

===================
Originally Posted: April 4, 2013

Introducing the vCenter Certificate Automation Tool 1.0

Fresh out of development today VMware has a new tool to help everyone with the implementation of custom certificates. The vCenter Certificate Automation Tool 1.0, will help customers update certificates needed for running vCenter Server and supporting components. This is primarily of interest to customers who use custom certificates either generated internally from Corporate CAs, or from public CA’s like VeriSign.

To add a little background information various components within vSphere and the vCenter platform use certificates for identifying themselves as well as for secure communication with external software entities (browsers, API clients).  These can broadly be classified into the following categories:

1. Secure token Service Certificate – Certificate used by vCenter Single Sign On (SSO) for encryption tokens
2. Solution User Certificates – Certificates used by each solution to identify themselves as users to SSO
3. SSL Certificates  – certificates needed for SSL communication for the UI and API layer
4. Host Certificates – These certificates are deployed in each ESXi host and used for secure vCenter to ESXi communication.

Note: The new certificate tool automates the updating of certificates in the management layer only (a, b, c above). This tool does NOT handle replacement of certificates in ESXi hosts.

The vCenter Certificate Automation Tool aims to automate the process of uploading certificates and restarting the following components within the vCenter Platform:

• vCenter Server
• vCenter Single Sign On
• vCenter Inventory Service
• vSphere Web Client
• vCenter Log Browser
• VMware Update Manager (VUM)
• vCenter Orchestrator (VCO)

For more information on how to download, install, and use the tool, refer to KB article: Deploying and Using the SSL Certificate Automation Tool (2041600).

======================
Originally Posted: May 21, 2013

SSL Certificate Automation Tool version 1.0.1

Last month we announced a new SSL Certificate Automation tool to help everyone with the implementation of custom certificates. Yesterday, we released the second version of it (version 1.0.1). This is a minor update which aims to simplify the replacement of certificates further by adding Certificate Signing Request (CSR) functionality to the tool. This functionality allows a user to quickly generate certificate requests (and consequently the private keys) for submission to the Certificate Authority.  The CSR functionality was the largest portion of manual steps, and as a result the update reduces the number of steps by over 15.

In addition, there are several minor bug fixes which were fixed which impacted tool functionality.

For further details and to download the latest version of the SSL tool see: Deploying and Using the SSL Certificate Automation Tool (2041600).

We hope these additions provide useful for everyone!

======================

Look forward to more to come!