Recently we were requested to install CA signed certificates on our ESX hosts to pass a security audit.
The thought of doing this manually bored me! so I wrote the following script – which recursively puts each host into maintenance, installs new certificate, then reboots the host, takes it out of maintenance and tests the certificate! The script also produces a detailed log file.
Continue readingI couldn’t find a lot of documentation on installing CA signed certificates on Dell EMC Unity arrays, so here are the steps:
1. Download and install openssl on your desktop/laptop.
2. Generate a cfg file using a txt editor, save it under c:\temp\unity1 folder as unity1_cfg.txt.
Example cfg file (modify for your environment):
[ req ] distinguished_name = req_distinguished_name encrypt_key = no prompt = no string_mask = nombstr req_extensions = v3_req [ v3_req ] basicConstraints = CA:false keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = DNS:unity1.myitblog.local [ req_distinguished_name ] countryName = GB stateOrProvinceName = State localityName = London 0.organizationName = myitblog.co.uk organizationalUnitName = IT commonName = unity1.myitblog.local
The goal of this procedure is to replace self-signed External PSC certificates with a Microsoft CA signed certificate.
Helpful blog posts and articles:
http://www.enterprisedaddy.com/2017/01/configure-psc-ha-in-vsphere-6-5-part-1-configuring-certificates/
https://kb.vmware.com/s/article/2112014
https://kb.vmware.com/s/article/2112009
https://kb.vmware.com/s/article/2136693
Environment:
2 External PSC servers (v6.5) behind a load balancer
PSC1 – psc1.myitblog.local
PSC2 – psc2.myitblog.local
VIP – vpsc.myitblog.local