Summary
The VMware Certificate Authority (VMCA) Certificate Generator lets you easily retrieve certificates signed by the VMCA running on vCenter / PSC.
This can be useful when you don't have access to a company-wide Certificate Authority (e.g. in a small business or when running in a lab), but you want to have valid certificates for your services.
The certificates can be used for other VMware products like vRealize Suite, NSX as well as 3rd party services.
Once you trust the VMCA root certificate (which can be retrieved from the vCenter URL or through this tool), you trust all services that use the new certificates.
The validity of the certificates is not changeable and depends on the vCenter version. With vCenter 7.0 you'll get certificates valid for 2 years.
The VMCA Certificate Generator comes as a .jar file and needs to be run with Java - either right-click and "open with Jar Launcher" or run with "java -jar vmca-cert-generator.jar".
To connect to vCenter or PSC, fill in the FQDN or IP of vCenter/PSC together with a shell user (e.g. root) in the form.
Add the certificate details and click "START".
The log will appear in the upper right corner, followed by a Download button.
The Download will provide you with a .zip file containing:
- certool.cfg -> the certificate settings, for reference only
- root.cer -> the VMCA root certificate
- private.key and public.key
- .cer -> X509 certificate
- .pfx -> certificate in PKCS#12 format, encrypted with the specified password
- chain-with-privkey.pem -> certificate chain including private key
- chain-without-privkey.pem -> certificate chain without private key
Different tools / services require different formats of certificates to upload. Usually you'll need only one of the created certificate files. Please report missing formats that should be included.
Requirements
- Java Runtime (tested with 1.8.x)
- vCenter 6.7 or 7.0 (might also work with lower versions)
- vCenter / PSC Appliance set to BASH as default Shell - see: https://kb.vmware.com/s/article/2100508
Instructions
- If not already done, change the vCenter default Shell to BASH: https://kb.vmware.com/s/article/2100508
- Download VMCA Certificate Generator ZIP and extract "vmca-cert-generator.jar" on your client
- Run the tool with either "java -jar vmca-cert-generator.jar" or right click and "open with Jar Launcher"
- Fill out all fields and press "START"
- Press "DOWNLOAD" and save the certificate bundle as .zip file
- Extract the downloaded ZIP file
- Provide the certificate in the appropriate format to your product(s). The required certificate format differs from product to product.
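Before handing the extracted files to a product, it is worth confirming that the certificate really chains to root.cer and that private.key belongs to it. The following is an added example, not part of the tool: it assumes the files are PEM-encoded and that the openssl CLI is installed, and the function names and the throwaway demo bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the VMCA Certificate Generator).
# Assumption: root.cer, the issued .cer and private.key are PEM-encoded.

# check_bundle ROOT CERT KEY
# Prints "ok" when CERT chains to ROOT and KEY is the private key for CERT.
check_bundle() {
    root=$1; cert=$2; key=$3
    # 1. The issued certificate must verify against the VMCA root.
    if ! openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
        echo "chain-fail"; return 1
    fi
    # 2. Key and certificate must yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "key-mismatch"; return 2
    fi
    echo "ok"
}

# Constructed sample input: a throwaway root and service certificate that
# stand in for a downloaded bundle, so the check can be tried offline.
make_demo_bundle() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$d/rootkey.pem" -out "$d/root.cer" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=svc.lab.example" \
        -keyout "$d/private.key" -out "$d/svc.csr" 2>/dev/null
    openssl x509 -req -in "$d/svc.csr" -CA "$d/root.cer" \
        -CAkey "$d/rootkey.pem" -CAcreateserial -days 1 \
        -out "$d/svc.cer" 2>/dev/null
    # An unrelated key, used to show the mismatch case.
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Stand-alone use: sh check.sh root.cer <name>.cer private.key
if [ "$#" -eq 3 ]; then
    check_bundle "$@"
fi
```

Since private.key, the .pfx and chain-with-privkey.pem all carry the private key, keep them readable only by the account that installs the certificate.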
Changelog
Version 1.0 Update
- Added the open source license file.