VMware vSphere

  • 1.  Solution for vCenter auto-renewal of SSL machine cert

    Posted Apr 09, 2023 12:32 PM

    Does anyone know of any VMware-supported solution for auto-renewal of the SSL machine cert? I am starting to think about the future, when Google is going to require 90-day SSL expirations in October 2024. It will be a mess, so I am trying to think ahead of time.



  • 2.  RE: Solution for vCenter auto-renewal of SSL machine cert

    Posted Apr 09, 2023 05:21 PM

    Hi,

    The self-signed certificate for the machine SSL cert is currently valid for 2 years.



  • 3.  RE: Solution for vCenter auto-renewal of SSL machine cert

    Posted Apr 09, 2023 05:23 PM

    We use custom machine certificates, not self-signed, for security compliance. Next year Google will be moving the maximum 1-year lifetime down to only 90 days. So I hope VMware will work on letting people use automatic renewal APIs.

    https://sectigo.com/resource-library/google-announces-intentions-to-limit-tls-certificates-to-90-days-why-automated-clm-is-crucial

     



  • 4.  RE: Solution for vCenter auto-renewal of SSL machine cert

    Posted Apr 09, 2023 05:40 PM

    Hello,

    If using custom certs, signed by an external CA along with root and intermediate key.

    Validity of those certs is 90 days, 180 days or xxx days.

    They can't be renewed from VMware Certificate Manager; the only thing you can do is add new custom certs to vCenter stores such as machine_ssl_cert.

    All the custom certs can only be replaced, and only self-signed ones can be regenerated.


    https://kb.vmware.com/s/article/2097936

     

     

    Regards

    Harry



  • 5.  RE: Solution for vCenter auto-renewal of SSL machine cert

    Posted Apr 09, 2023 06:08 PM

    I understand that. I was asking if VMware is going to come up with a solution for this. I hope so. 



  • 6.  RE: Solution for vCenter auto-renewal of SSL machine cert

    Posted Apr 10, 2023 03:25 AM

    Since it's externally signed, I doubt it.