vCenter

 View Only
  • 1.  vCenter SSL renewal - real world

    Posted Sep 12, 2023 03:29 PM
      |   view attached

    For vCenters that use self-signed VMCA certificates, does the VMCA GUI actually replace all the needed certificates?  I know the GUI has improved alot since the 6.0 days, but it seems like it still can only renew the machine, VMCA_ROOT_CERT and STS_Cert.  It doesn't renew the web or other solution certs.

    I usually use the cli certificate-manager and use option '4' to renew all certificates.  

     

    Is there a better way?  I'd like to find a way to automate this, since we have a lot of vCenters



  • 2.  RE: vCenter SSL renewal - real world

    Posted Sep 14, 2023 07:37 PM

    I find using the CLI a better option, just seems to work, every now and again the GUI seems to not work, never have that problem with the CLI.

     



  • 3.  RE: vCenter SSL renewal - real world

    Posted Sep 14, 2023 09:18 PM


  • 4.  RE: vCenter SSL renewal - real world

    Posted Sep 14, 2023 09:36 PM

    Hi - thanks, i use the cli certificate-manager today.  My issue is that this is a manual process and it doesn't scale well when you get into triple digits of vCenters to manage.  I've been looking for a way to regenerate my self signed certificates via script/api call.  As of now, it looks like i can only do the machine cert.

     

     



  • 5.  RE: vCenter SSL renewal - real world

    Posted Sep 19, 2023 12:50 PM

    GUI has issues while generating/replacing the certificates, The CLI method is a good option at least we can see if any failure occurs at the time, els we use the VMCA Certificate Generator from VMware Flings.