VMware vSphere

  • 1.  Replace Certificates - PFX File

    Posted Feb 16, 2019 04:47 PM

    Looking to replace the self-signed certificates in my VCSA 6.7 appliance. My security team provided me with a .pfx file, which I copied over to a temp directory on my VCSA appliance. I am now not 100% sure what openssl commands to run to extract the appropriate files needed to replace the self-signed certificates.

    Any smart openssl people out there that can lend some guidance?



  • 2.  RE: Replace Certificates - PFX File

    Posted Feb 16, 2019 05:30 PM

    You need to get them to give you a base64-encoded certificate in PEM format.



  • 3.  RE: Replace Certificates - PFX File
    Best Answer

    Posted Feb 19, 2019 08:05 PM

    So I imported the PFX file into vCenter in a temp directory and ran these three commands:

    openssl pkcs12 -in <filename.pfx> -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > <clientcert.key>
    openssl pkcs12 -in <filename.pfx> -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <clientcert.cer>
    openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <cacerts.cer>

    That gave me the three files I was looking for and replaced the certificates with no issue.
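
The three extraction commands from the answer above, wrapped in a script that also checks the results before they are used; this is an added example, not part of the original posts. The sample CA, host name, password and work directory are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: split a PFX as in the post above, then verify the pieces.
# Build a throwaway CA, leaf certificate and PFX (all constructed sample data).
make_sample_pfx() {  # $1 = work dir, $2 = export password
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vcsa.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.pem" \
        -certfile "$d/ca.pem" -passout "pass:$2" -out "$d/sample.pfx"
}

# Extract key, leaf and CA certificates, then check that they belong together.
extract_and_check() {  # $1 = pfx, $2 = password, $3 = output dir
    # pass: suits a throwaway sample; prompt or use file:/env: for a real PFX
    pfx=$1 pw="pass:$2" out=$3
    old_umask=$(umask); umask 077   # the unencrypted key must be owner-only
    openssl pkcs12 -in "$pfx" -passin "$pw" -nocerts -nodes 2>/dev/null |
        sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > "$out/clientcert.key"
    openssl pkcs12 -in "$pfx" -passin "$pw" -clcerts -nokeys 2>/dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$out/clientcert.cer"
    openssl pkcs12 -in "$pfx" -passin "$pw" -cacerts -nokeys -chain 2>/dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$out/cacerts.cer"
    umask "$old_umask"
    # 1) a wrong password or an unexpected PEM header leaves a file empty
    for f in clientcert.key clientcert.cer cacerts.cer; do
        [ -s "$out/$f" ] || { echo "empty: $f" >&2; return 1; }
    done
    # 2) the private key matches the public key in the certificate
    k=$(openssl pkey -in "$out/clientcert.key" -pubout | openssl sha256)
    c=$(openssl x509 -in "$out/clientcert.cer" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ] || { echo "key/cert mismatch" >&2; return 1; }
    # 3) the leaf certificate chains to the extracted CA certificates
    openssl verify -CAfile "$out/cacerts.cer" "$out/clientcert.cer" >/dev/null
}

tmp=$(mktemp -d)
make_sample_pfx "$tmp" "constructed-pass" &&
    extract_and_check "$tmp/sample.pfx" "constructed-pass" "$tmp" &&
    echo "extracted files are consistent"
```

For a real PFX, call `extract_and_check` on it directly and delete the unencrypted key from the temp directory once the certificates have been replaced.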



  • 4.  RE: Replace Certificates - PFX File

    Posted May 26, 2020 10:06 AM

    Hi TSprouse,

    I have generated the three files from the PFX. How do I proceed further? Can you say where I have to replace these files?