VMware vSphere

  • 1.  Platform Services Controller - Certificate Authority

    Posted Jul 05, 2018 05:27 AM

    Hi there,

    Is anyone able to confirm: if you have an environment with multiple Platform Services Controllers (all under the same SSO domain), do you need to set up each PSC as a sub-CA if you intend to use, say, a Microsoft Certificate Authority?

    Basically I have 2 vCenters and 2 Platform Services Controllers across 2 different sites, all under the same SSO domain. I set up the first PSC as a sub-CA to my Microsoft PKI and everything is now signed off as I would like. In the second site, I set up the second vCenter and PSC and joined the PSC to the existing SSO domain. However, the vCenter and PSC will not sign certificates from the other PSC. It appears I have to set this PSC up as a sub-CA also. (I assume the secondary PSC does not replicate the certificate authority information from the first PSC?)

    I just want to make sure this is the correct way or if I am missing something basic...

    Thanks in advance for your help :)

    Kind Regards,

    Justin



  • 2.  RE: Platform Services Controller - Certificate Authority
    Best Answer

    Posted Jul 05, 2018 02:06 PM

    Yes. You need to have the second PSC also set up as subordinate if the first PSC is subordinate. The issuer of the vCenter certificates would be the PSC to which it is connected, so if vc2 is pointed to psc2, it talks to VMCA. If VMCA is default and not subordinate, it would not talk to psc1. It will only be signed by VMCA, not by the subordinate CA.

    Thanks,

    MS
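
The issuance relationship described in the answer above, modelled with plain `openssl` as an added example (not part of the original thread and not VMware tooling). Every name and key here (`root`, `psc1-vmca`, `psc2-vmca`, `vc1`, `vc2`, the `example.test` hosts) is constructed, and a default VMCA is assumed to be a self-signed root.

```bash
#!/usr/bin/env bash
# Constructed lab PKI: shows why a node issued by a default (self-signed) VMCA
# does not validate against the enterprise root, while one issued by a
# subordinate VMCA does. All names below are made up for this example.

# mk_cert <dir> <name> <CN> <issuer-name|self> <CA:TRUE|CA:FALSE>
mk_cert() {
  local d=$1 n=$2 cn=$3 issuer=$4 ca=$5
  openssl ecparam -genkey -name prime256v1 -noout -out "$d/$n.key" 2>/dev/null
  openssl req -new -config "$d/req.cnf" -key "$d/$n.key" -subj "/CN=$cn" -out "$d/$n.csr"
  printf 'basicConstraints=critical,%s\n' "$ca" > "$d/$n.ext"
  if [ "$issuer" = self ]; then
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 1 \
      -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
  else
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$issuer.crt" -CAkey "$d/$issuer.key" \
      -CAcreateserial -days 1 -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
  fi
}

# build_lab <dir>: enterprise root, one subordinate VMCA, one default VMCA,
# and one vCenter certificate issued by each.
build_lab() {
  local d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  mk_cert "$d" root      "Constructed Enterprise Root" self      CA:TRUE
  mk_cert "$d" psc1-vmca "psc1 VMCA (subordinate)"     root      CA:TRUE
  mk_cert "$d" psc2-vmca "psc2 VMCA (default)"         self      CA:TRUE
  mk_cert "$d" vc1       "vc1.example.test"            psc1-vmca CA:FALSE
  mk_cert "$d" vc2       "vc2.example.test"            psc2-vmca CA:FALSE
}

# chains_to_root <dir> <leaf> <vmca>: succeeds only if the leaf validates to the
# enterprise root when its VMCA certificate is offered as an untrusted intermediate.
chains_to_root() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/$3.crt" "$1/$2.crt" >/dev/null 2>&1
}

lab=$(mktemp -d)
build_lab "$lab"
for pair in vc1:psc1-vmca vc2:psc2-vmca; do
  leaf=${pair%%:*}; vmca=${pair##*:}
  if chains_to_root "$lab" "$leaf" "$vmca"; then r="chains to enterprise root"
  else r="does NOT chain to enterprise root"; fi
  echo "$leaf (issued by $vmca): $r"
done
```

Clients that trust only the enterprise root accept `vc1` and reject `vc2` until the second VMCA is itself made subordinate.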



  • 3.  RE: Platform Services Controller - Certificate Authority

    Posted Jul 10, 2018 04:03 AM

    Thanks MS, that's perfect information :)