While I was at VMworld 2014 in San Francisco last week I got a lot of very positive feedback about my 20-part vSphere 5.5 install series and my vSphere toolkit script. I’m glad it’s helped so many people make their vSphere SSL life easier. Up until now my Toolkit script assumed the ‘simple’ vCenter install with all services located on a single VM. This worked for most deployments, but clearly doesn’t cover all use cases. Some large organizations may separate out the roles, such as SSO.
So to that end I’ve made some significant changes to my vSphere Toolkit script in v2.0, which now asks the user to input the FQDN for all certificates. I’ve also added a prompt for the vCenter IP address, in case you want that in your certificate as well. Previously this was set up as a static variable in the script. To keep things as easy as possible, the script still reads the hostname of the computer that it is running on and defaults to that for all the prompts. So if you have a simple install, you just need to press ENTER about a dozen times and don’t need to type a single hostname.
As always, the latest version of the script can be downloaded at vExpert.me/toolkit55. The only other feature that has been requested is a triple stack of certificate authorities, versus the root and subordinate architecture that I support today. I’m not sure there’s enough demand to make those changes, but that could be an enhancement in the future.
If you do decide to implement distributed vCenter components, then you will need to manually copy the certificate directory structure to each server and use the VMware SSL automation tool script in the proper sequence on each component. Below is a screenshot of the FQDN requests for each of the certificates.