Purpose
This article provides steps to install the intermediate certificate chain for vCenter Server 5.0.
Resolution
To install the intermediate certificate chain for vCenter Server 5.0:
- Run this command to create the CSR file:
openssl req -new -nodes -out mycsr.csr -keyout rui.key -config /etc/ssl/openssl.cnf
- When prompted, enter the required information similar to:
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:tokyo
Locality Name (eg, city) []:minato
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test company
Organizational Unit Name (eg, section) []:test
Common Name (eg, YOUR name) []:WIN-MYHOSTNAME
Email Address []: [email protected]
- Get the server certificate (rui.crt), root certificate, and intermediate certificate from a trusted third-party CA.
- Copy/paste the root certificate and intermediate certificate to a text file as middle.crt. The root certificate and intermediate certificate are now in middle.crt.
- Run this command to create the PFX file:
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -certfile middle.crt -passout pass:testpassword -out rui.pfx
- Run this command and confirm that the certificates certify each other:
openssl pkcs12 -in rui.pfx -out rui.txt
- Replace the old certificates in C:\programdata\VMware\VMware VirtualCenter\SSL or C:\Program Files\VMware\Infrastructure\Inventory Service\ssl with the new rui.crt, rui.key, and rui.pfx.
- Go to https://localhost/mob/?moid=vpxd-securitymanager&vmodl=1 on vCenter Server and load the certificates for the configuration by using the Managed Object Browser.
- If you are prompted with a certificate warning, click Continue.
- Type the administrator username and password when prompted.
- Click reloadSslCertificate.
- Click Invoke Method. If successful, the window shows the message Method Invocation Result: void.
- Close both windows.
- Open a command prompt on vCenter Server and change to the vCenter Server directory. By default, the vCenter Server directory is located at C:\Program Files\VMware\Infrastructure\VirtualCenter Server.
- Run this command:
vpxd -p
- Type the current username and password for the vCenter Server database user to encrypt the password with the new certificate.
- Restart the VMware VirtualCenter Server service from the service control manager. This, in turn, restarts the VMware VirtualCenter Management Web Services, Inventory, and Profile driven storage services.
- After restarting the service, wait for 5 minutes. If the profile driven storage service stops during this time, restart it.
- Log in to vCenter Server and validate that the plug-ins, such as hardware status and vCenter Server status, are up and running properly.
- If you are using an OpenSSL self-signed CA, install the root certificate during the first login: click View Certificate when the certificate warning appears.
- Click Install Certificate and place the certificate in Trusted root certificate authorities > Local Computer store.
- Complete the wizard. You should see the Import was successful message displayed.

Based on VMware KB 2030422
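
The step "confirm that the certificates certify each other" can be checked mechanically rather than by reading rui.txt. The shell functions below are an added example, not part of the original article: they verify rui.crt against middle.crt, confirm that rui.key belongs to rui.crt, and count the certificates inside rui.pfx. The function names and the PFX_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical;
# file names rui.crt, rui.key, middle.crt and rui.pfx follow the article.

# chain_ok LEAF BUNDLE: succeed if LEAF verifies against the root and
# intermediate certificates in BUNDLE (PEM, as in middle.crt).
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# key_matches LEAF KEY: succeed only if KEY is the private key for LEAF,
# by comparing the public key extracted from each file.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# pfx_cert_count PFX: print the number of certificates stored in PFX.
# The password is read from the PFX_PASS environment variable so that it
# does not appear in the process list.
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# check_bundle LEAF KEY BUNDLE PFX: run all checks; the return code
# identifies the first one that failed.
check_bundle() {
    chain_ok "$1" "$3" || { echo "chain does not verify" >&2; return 1; }
    key_matches "$1" "$2" || { echo "key does not match" >&2; return 2; }
    [ "$(pfx_cert_count "$4")" -ge 3 ] ||
        { echo "PFX is missing chain certificates" >&2; return 3; }
}

# Usage: PFX_PASS=... check_bundle rui.crt rui.key middle.crt rui.pfx
```

A return code of 1 usually means middle.crt is missing the intermediate or the root; fix the bundle before copying the files into the vCenter Server SSL directory.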