UPDATE 4/28/2013: VMware has released the vCenter Certificate Automation tool. This is a better tool for replacing the vCenter SSL certificates (post-install), and does not require pre-staging the certificates. Since this is an official tool, and does more than my pre-staging method, I strongly urge you to follow my refreshed vSphere 5.1 Update 1 instructions and use the VMware certificate tool instead of the script below.
Given the complexity and bugs with replacing the SSL certificates in vSphere 5.1, the method which seems to work pretty well is what I call vCenter 5.1 SSL pre-staging. In Part 2 of my vSphere 5.1 installation series, I show how to create the required SSL certificates. To make the installation a bit faster and less error prone, I wrote a super simple batch file that creates the required SSL directories and copies the certificates from Part 2 to the proper directories. You can then install the Inventory Service, vCenter, Web Client, and VUM with minimal fuss.
The batch file assumes the directory structure that I outlined in Part 2 is in place. Noteworthy is that the SSO service does not have a “default” directory for the SSL certificates, unlike the rest of the services. So I created one (see the first line in the batch file), which protects the SSO SSL certificates from getting messed with since configuration files point to their location. Thus using a “temp” location for the SSO SSL certificates is a bad idea, and will result in a broken install if/when those certificates are changed or deleted.
You can run the batch file after you complete Part 2, and before you proceed to any further sections. The SSO service still needs manual configuration for trusted SSL certs, but the rest of the services will automatically use the new certs.
After the batch file runs, you should see the rui.pfx, rui.key and rui.crt files in each of the SSL directories. You can proceed to Part 3 after you run the batch file.
mkdir c:\ProgramData\VMware\SingleSignOn\SSL robocopy D:\Certs\SSO\ c:\ProgramData\VMware\SingleSignOn\SSL\ /XF rui.csr sso.cfg copy D:\certs\Root64.cer C:\ProgramData\VMware\SingleSignOn\SSL\ mkdir "C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl" robocopy D:\Certs\Inventory\ "C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl" /XF rui.csr inventory.cfg mkdir "C:\ProgramData\VMware\VMware VirtualCenter\ssl" robocopy D:\Certs\vCenter\ "C:\ProgramData\VMware\VMware VirtualCenter\ssl" /XF rui.csr vcenter.cfg mkdir "C:\ProgramData\VMware\vSphere Web Client\ssl" robocopy D:\Certs\WebClient\ "C:\ProgramData\VMware\vSphere web client\ssl" /XF rui.csr webclient.cfg mkdir "C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL" robocopy D:\Certs\VUM\ "C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL" /XF rui.csr vum.cfg