VMware vSphere 5.5 Toolkit v1.58 Live

As many of you know, one of my passions throughout my IT career has been security. Having worked in the Federal Government space for most of my career, making sure solutions are secure is always a top priority. Securing your VMware infrastructure is very important, and one of the primary tasks is using trusted SSL certificates. So last year I wrote the vSphere 5.5 Toolkit PowerShell script, which has had over 9,000 downloads! I had no idea it would be so popular. Here’s a screenshot of the main menu:

vsphere 5.5 toolkit

Features of the SSL toolkit script include:

  • Downloads and installs the proper version of OpenSSL (0.9.8.za) if it’s not already installed
  • Creates 2048 bit RSA private keys in the proper format
  • Creates a directory for each service bundle of SSL certificates
  • Generates seven OpenSSL configuration files, one for each certificate, in the appropriate directory
  • Downloads both root and subordinate root public certificates
  • Submits the CSRs to the online CA and downloads the certificates
  • Creates the needed service PEM files for the vCenter certificate automation tool
  • Creates the required root/subordinate PEM files
  • Handles the special SSO 5.5 certificate requirements
  • Does NOT require PowerCLI
  • Assumes all vCenter components are on one server
  • Automatically uses the hostname of the server you run the script on for all certificates
  • Creates a pre-filled vCenter Certificate Automation environment script – Just run!
  • Works with offline CAs
  • Creates SSO 5.5 certificate replacement files – Only used if manual replacing certs
  • Creates customized SQL vCenter and VUM database creation script
  • Creates SQL ODBC DSNs for vCenter and VUM
  • Automatically downloads and installs SQL 2008 R2 or SQL 2012 client package
  • Linux vCenter Server Appliance support for online minting and offline CSR creation
  • Creates certificates for Auto Deploy, Dump Collector, Syslog collector, Authentication Proxy
  • Support Microsoft CAs that require manual certificate approval

I’ve now updated the script with some minor modifications for v1.58, dated July 12, 2014:

  • Updated OpenSSL download to 0.9.8za
  • Removed SQL 2012 SP1 client download (link broken)
  • Fixed Database creation script bug
  • Added additional error handling and Powershell-ized more commands
  • Changed the sts.properties file to use sts in the URI per KB2058519

These are incremental updates, and the base functionality has remained the same. I am hoping for vSphere v.Next that VMware will streamline the whole process and give SSL replacement a makeover. I have no idea if this is in the works or not.

As always, you can download the latest version of the toolkit script from: vExpert.me/toolkit55 If you are using an older version I suggest you grab the latest copy. If you want full SSL lifecycle management and a paid solution, I recommend you check out the VSS Labs vCert Manager, which you can find out about here.

Also remember to check out my 20 part vSphere 5.5 series, which covers the usage of the toolkit script and a whole lot more. You can find that series at: vExpert.me/Derek55

Print Friendly, PDF & Email

Related Posts

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
August 7, 2014 11:19 am

Win32OpenSSL-0_9_8za.exe link is broken. New version is Win32OpenSSL-0_9_8zb.exe. I corrected the URL, script runs fine

October 27, 2014 12:59 pm

Win32OpenSSL-0_9_8zb.exe link is broken –> new one is Win32OpenSSL-0_9_8zc.exe