Fresh out of development today VMware has a new tool to help everyone with the implementation of custom certificates. The vCenter Certificate Automation Tool 1.0, will help customers update certificates needed for running vCenter Server and supporting components. This is primarily of interest to customers who use custom certificates either generated internally from Corporate CAs, or from public CA’s like VeriSign.
To add a little background information various components within vSphere and the vCenter platform use certificates for identifying themselves as well as for secure communication with external software entities (browsers, API clients). These can broadly be classified into the following categories:
- Secure token Service Certificate – Certificate used by vCenter Single Sign On (SSO) for encryption tokens
- Solution User Certificates – Certificates used by each solution to identify themselves as users to SSO
- SSL Certificates – certificates needed for SSL communication for the UI and API layer
- Host Certificates – These certificates are deployed in each ESXi host and used for secure vCenter to ESXi communication.
Note: The new certificate tool automates the updating of certificates in the management layer only (a, b, c above). This tool does NOT handle replacement of certificates in ESXi hosts.
The vCenter Certificate Automation Tool aims to automate the process of uploading certificates and restarting the following components within the vCenter Platform:
- vCenter Server
- vCenter Single Sign On
- vCenter Inventory Service
- vSphere Web Client
- vCenter Log Browser
- VMware Update Manager (VUM)
- vCenter Orchestrator (VCO)
For more information on how to download, install, and use the tool, refer to KB article: Deploying and Using the SSL Certificate Automation Tool (2041600).