vSphere 5.5 Install Pt. 16: vCenter SSL

10-12-2013 9-06-56 PMANow that vCenter is fully installed, now it’s time to replace the self-signed certificate for the vCenter service and Orchestrator. Since we’ve already replaced the other certificates (SSO, Inventory, etc.) this process is a piece of cake. If you haven’t been following this series to the letter and have all self-signed certificates, you will need to use the VMware Certificate automation tool planner and follow all 16+ steps. You can only take the ‘short cut’ method if all other certificates have been replaced per my guide.

Blog Series

SQL 2012 AlwaysOn Failover Cluster for vCenter
vSphere 5.5 Install Pt. 1: Introduction 
vSphere 5.5 Install Pt. 2: SSO 5.5 Reborn 

vSphere 5.5 Install Pt. 3: vCenter Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 4: ESXi 5.5 Upgrade Best Practices and Tips 
vSphere 5.5 Install Pt. 5: SSL Deep Dive
vSphere 5.5 Install Pt. 6: SSL Certificate Template
vSphere 5.5 Install Pt. 7: Install SSO
vSphere 5.5 Install Pt. 8: Online SSL Minting
vSphere 5.5 Install Pt. 9: Offline SSL Minting 
vSphere 5.5 Install Pt. 10: Update SSO Certificate
vSphere 5.5 Install Pt. 11: Install Web Client
vSphere 5.5 Install Pt. 12: Configure SSO
vSphere 5.5 Install Pt. 13: Install Inventory Service
vSphere 5.5 Install Pt. 14: Create Databases
vSphere 5.5 Install Pt. 15: Install vCenter
vSphere 5.5 Install Pt. 16: vCenter SSL
vSphere 5.5 Install Pt. 17: Install VUM
vSphere 5.5 Install Pt. 18: VUM SSL
vSphere 5.5 Install Pt. 19: ESXi SSL Certificate

Permalink to this series: vexpert.me/Derek55
Permalink to the Toolkit script: vexpert.me/toolkit55

Automated vCenter SSL

1. From an elevated command prompt run the VMware certificate automation tool. Select Option 5.

10-12-2013 9-10-41 PM

2. On the vCenter menu select Option 2.

10-12-2013 9-11-23 PM

3. Answer all of the questions according to your environment. The certificate paths should already be configured if you used my Toolkit script. The vCenter server database password is the password to your vCenter service account. Make sure you enter it correctly or you may be left with a smoking vCenter hole.

10-12-2013 9-21-36 PM

Automated vCenter Orchestrator SSL

1. From the main menu select Option 6, then select option 3.

10-12-2013 10-11-21 PM

Health Check

1. Login to the vSphere Web client with the administrator@vsphere.local account. In the left pane click on the vCenter object. Click on Hosts and Clusters, then on the Monitor tab click Service Health.

10-22-2013 9-04-47 PM

If everything went well, all services should be green. If you service list is empty, then wait a minute or two, then click on the refresh Circle/Arrow in the upper right corner. If some services are in an unhealthy state, then reboot your vCenter server. Wait 10 minutes after the reboot, then check back on this page. Profile Driven Storage was a little stubborn for me, but a reboot and patience worked.

10-22-2013 9-05-42 PM


Yes, we are finally here! You have a fully working vCenter Server on Windows Server 2012, plus all trusted SSL certificates. If all of your services came up healthy, then you should be good to go. But wait..we still have VUM to install, configure, and secure. Plus those pesky ESXi hosts all need SSL certificates too. Check out the VUM install in Part 17.

Speak Your Mind


© 2017 - Sitemap