vCenter 4 and ESX 4 Now Use 10 Year Default SSL Certificate

In my previous post, 730 Days Later, I pointed out that the default VirtualCenter SSL certificate was only good for 2 years. If the untrusted certificate installed with vCenter and ESX was not replaced by the VI admin, problems could arise when connecting with the VI Client or via the ESX 3.X web interface. Now with vSphere, the default vCenter 4 and ESX 4 SSL certificate still needs to be changed, but it has been updated and is now good for 10 years, giving admins a little more breathing room.

VMware has also updated its PDF on how to replace the cert. Be sure to download the new guide for Replacing VirtualCenter Server Certificates. Here is some brief info from the first paragraph of this document:

Certificates are automatically generated when you install vCenter Server and ESX/ESXi. These default certificates are not signed by a commercial certificate authority (CA) and may not provide strong security. You can replace default vCenter Server and ESX/ESXi certificates with certificates signed by a commercial CA.

This Technical Note includes the following topics:
“About vCenter Server Certificates” on page 1
“Pre-Trusting Server Certificates” on page 2
“Certificate Specifications” on page 2
“Certificate Locations” on page 2
“Replacing Default Server Certificates with Certificates Signed by a Commercial CA” on page 2
“Replacing Default Server Certificates with Self-Signed Certificates” on page 5
“Related Publications” on page 8

NOTE   If you have replaced the default vCenter Server or ESX/ESXi host certificates with certificates signed by a commercial CA, you do not need to perform the tasks in this document. You can configure server-certificate verification settings using the vSphere Client. See the Basic System Administration Guide for more information.

The vSphere Basic System Administration Guide can be found here.

VMware also has a couple of KB articles about best practices for using SSL keys to communicate with VirtualCenter. Go here or here.

An administrator can also decide to turn off the verification of SSL certificates. To do this, go to the vCenter Settings from the vSphere Client and disable this feature in the SSL Settings section. This is also explained in the System Administration Guide mentioned previously.
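To check which hosts still carry a default certificate and how long it has left, the shell functions below audit a PEM certificate for the two points made above: whether it is self-signed and whether it expires inside a warning window. This is an added example, not from the original post or VMware's guide; it assumes the `openssl` command line is installed, the function names and the `vcenter.example.test` CN are made up for illustration, and the sample certificates are constructed.

```shell
#!/bin/sh
# Added example: audit a certificate for the two issues discussed above,
# a self-signed default certificate and the time left before it expires.

# Fetch the certificate a host presents on port 443 (needs network access).
fetch_cert() {   # fetch_cert <host> > cert.pem
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# True when issuer and subject are identical, as on a self-signed certificate.
is_self_signed() {   # is_self_signed <cert.pem>
    subj=$(openssl x509 -in "$1" -noout -subject)
    iss=$(openssl x509 -in "$1" -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# True when the certificate will still be valid N days from now.
valid_in_days() {   # valid_in_days <cert.pem> <days>
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Print "<self-signed|ca-issued> <ok|expiring> notAfter=<date>".
audit_cert() {   # audit_cert <cert.pem> <warn-days>
    if is_self_signed "$1"; then trust=self-signed; else trust=ca-issued; fi
    if valid_in_days "$1" "$2"; then state=ok; else state=expiring; fi
    echo "$trust $state $(openssl x509 -in "$1" -noout -enddate)"
}

# Constructed sample input: a throwaway self-signed certificate valid for
# <days>. The CN is a placeholder, not a real host.
make_sample_cert() {   # make_sample_cert <out.pem> <days>
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=vcenter.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Demo: a 10-year certificate passes a 730-day expiry check but is still
# flagged as self-signed; a 2-year one is flagged on both counts at 731 days.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/ten-year.pem" 3650
make_sample_cert "$demo_dir/two-year.pem" 730
audit_cert "$demo_dir/ten-year.pem" 730
audit_cert "$demo_dir/two-year.pem" 731
rm -rf "$demo_dir"
```

Against a live system, save the output of `fetch_cert <host>` to a file and pass that file to `audit_cert`.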


  • mikelaverick
    One word of warning about removing SSL certificate checking - it's required for FT...
  • Thanks for the SSL FT tip @Mike_Laverick! I did not know this, but FT has so many pre reqs it doesn't surprise me!
  • Host SSL is a new hidden gem under vCenter Administrative settings. The FT requirement is not the default if I remember right.
  • Great post Rich. For me, SSL and certificates is one of the more dry subjects and it takes all of my energy to pay attention. Thanks for making it interesting.