Datacenter From the Trenches How-to Knowledge Base Management Resolution Paths

Implementing CA signed SSL certificates with vSphere 5.1

SSLOne of the most common things we see in VMware Global Support Services (GSS), regardless of product, version, or customer, is the need to implement custom certificates. This could be for a number of reasons:

  • Security
  • To get rid of the warning when you first login
  • You like a challenge

Whatever the case may be, in vSphere 5.1, the process has changed due to the addition of vCenter Single Sign On (SSO), which adds complexity to the procedure. This is because the majority of services register themselves to SSO. As a result of changing the certificates, the services also need to be re-registered.

As a result of repeated question from customers coming in on this, we gathered our Professional Services, Engineering, and Technical Writers to develop the following Resolution Path to guide you through the various steps through to completion (you can read more about resolution path articles here).

Resolution Path Article:

Child articles in the resolution path are:

Note: It is recommended that you follow the articles in the sequence provided as many steps are dependent on each other.


We have also created an article with the steps for vCenter Server Appliance 5.1:

Finally, we have updated these vSphere 5.0 articles thanks to feedback received on them:

Note: The vCenter Service fails to start up issue is now resolved in vCenter Server 5.1.0a. For more details, refer to KB article:
vCenter Server Services hang on startup after upgrading to vCenter Server 5.1 (2035623).

We hope that this helps everyone through their SSL implementation. If you find any errors or anomalies, there’s a feedback form at the bottom of every article. We will be keeping an active eye on your feedback!


0 comments have been added so far

  1. The OBVIOUS no-brainer solution is for the vCenter install ITSELF to check whether the server or whatever has the ability to create Windows certs, then offer this option to the user, plus the option to obtain software for and create Open SSL certs.

    The obvious 3rd-party market is something that automates the above processes for people.

    VMware should be doing this for us if they insist on this excessively complicated cert system.

Leave a Reply

Your email address will not be published. Required fields are marked *