As many of you know, one of my passions throughout my IT career has been security. Having worked in the Federal Government space for most of my career, making sure solutions are secure is always a top priority. Securing your VMware infrastructure is very important, and one of the primary tasks is using trusted SSL certificates. So last year I wrote the vSphere 5.5 Toolkit PowerShell script, which has had over 9,000 downloads! I had no idea it would be so popular. Here’s a screenshot of the main menu:
Features of the SSL toolkit script include:
- Downloads and installs the proper version of OpenSSL (0.9.8.za) if it’s not already installed
- Creates 2048 bit RSA private keys in the proper format
- Creates a directory for each service bundle of SSL certificates
- Generates seven OpenSSL configuration files, one for each certificate, in the appropriate directory
- Downloads both root and subordinate root public certificates
- Submits the CSRs to the online CA and downloads the certificates
- Creates the needed service PEM files for the vCenter certificate automation tool
- Creates the required root/subordinate PEM files
- Handles the special SSO 5.5 certificate requirements
- Does NOT require PowerCLI
- Assumes all vCenter components are on one server
- Automatically uses the hostname of the server you run the script on for all certificates
- Creates a pre-filled vCenter Certificate Automation environment script – Just run!
- Works with offline CAs
- Creates SSO 5.5 certificate replacement files – Only used if manual replacing certs
- Creates customized SQL vCenter and VUM database creation script
- Creates SQL ODBC DSNs for vCenter and VUM
- Automatically downloads and installs SQL 2008 R2 or SQL 2012 client package
- Linux vCenter Server Appliance support for online minting and offline CSR creation
- Creates certificates for Auto Deploy, Dump Collector, Syslog collector, Authentication Proxy
- Support Microsoft CAs that require manual certificate approval
I’ve now updated the script with some minor modifications for v1.58, dated July 12, 2014:
- Updated OpenSSL download to 0.9.8za
- Removed SQL 2012 SP1 client download (link broken)
- Fixed Database creation script bug
- Added additional error handling and Powershell-ized more commands
- Changed the sts.properties file to use sts in the URI per KB2058519
These are incremental updates, and the base functionality has remained the same. I am hoping for vSphere v.Next that VMware will streamline the whole process and give SSL replacement a makeover. I have no idea if this is in the works or not.
As always, you can download the latest version of the toolkit script from: vExpert.me/toolkit55Â If you are using an older version I suggest you grab the latest copy. If you want full SSL lifecycle management and a paid solution, I recommend you check out the VSS Labs vCert Manager, which you can find out about here.
Also remember to check out my 20 part vSphere 5.5 series, which covers the usage of the toolkit script and a whole lot more. You can find that series at: vExpert.me/Derek55
Win32OpenSSL-0_9_8za.exe link is broken. New version is Win32OpenSSL-0_9_8zb.exe. I corrected the URL, script runs fine
I'll release a new version of the toolkit this weekend. Thanks for the heads up!
Win32OpenSSL-0_9_8zb.exe link is broken –> new one is Win32OpenSSL-0_9_8zc.exe
Thanks I've updated the script.