Install & Configure Microsoft Certificate Authority for vCenter Certificates

General Info:

# Microsoft Certification Authority (MSCA) can be installed on your domain controller or on any machine that is part of the domain. In this case I have dedicated a virtual machine to MS CA.

# I encountered several configuration issues while configuring MSCA on Windows Server 2008 but found the same process quite smooth on Windows Server 2012.

# Configuring certtmpl.msc
Duplicate the Web Server certificate template > select Windows Server 2003 Enterprise for backward compatibility
Edit the validity years & change the name to VMware SSL
Go to Extensions > Key Usage > Edit > check 'signature is proof' & 'allow encryption' > OK
Go to Extensions > Application Policies > Edit > Add > Client Authentication > OK
Go to Subject Name > select Supply in the request > OK

# Configuring certsrv.msc
Right-click 'Certificate template' > New > VMware SSL > OK

# Finally, log into http://localhost/certsrv

# Use IE (recommended), as other browsers behave differently & generate a CER file which then needs to be renamed to a CRT file.
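
To confirm that a certificate issued from the VMware SSL template carries the settings chosen in certtmpl.msc, the following added example (not part of the original post) inspects the key usage and application policy extensions with .NET's X509Certificate2 class. The function names, the sample subject and the mapping of the two key usage checkboxes to X.509 bits are assumptions of this example.

```powershell
# Added example, not from the original post. Needs .NET Framework 4.7.2+ or PowerShell 7.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-VMwareSslCertificate {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)

    # Assumed mapping of the template checkboxes to X.509 key usage bits:
    # 'signature is proof' -> NonRepudiation, 'allow encryption' -> DataEncipherment.
    $required = [X509KeyUsageFlags]'DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment'
    $ku  = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        KeyUsageOk = [bool]$ku -and (($ku.KeyUsages -band $required) -eq $required)
        ServerAuth = $ekuOids -contains '1.3.6.1.5.5.7.3.1'   # inherited from the Web Server template
        ClientAuth = $ekuOids -contains '1.3.6.1.5.5.7.3.2'   # added under Application Policies
        NotAfter   = $Certificate.NotAfter
    }
}

# Constructed sample: a throwaway self-signed certificate built in memory so the check runs offline.
function New-SampleCertificate {
    param([string[]]$EkuOids)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=vcenter.example.test', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $flags = [X509KeyUsageFlags]'DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment'
    $req.CertificateExtensions.Add([X509KeyUsageExtension]::new($flags, $true))
    $oids = [OidCollection]::new()
    foreach ($o in $EkuOids) { [void]$oids.Add([Oid]::new($o)) }
    $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

Test-VMwareSslCertificate (New-SampleCertificate '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2')
Test-VMwareSslCertificate (New-SampleCertificate '1.3.6.1.5.5.7.3.1')   # ClientAuth is reported as False

# For a file saved from /certsrv (path is a placeholder):
# Test-VMwareSslCertificate ([X509Certificate2]::new('C:\path\to\issued.crt'))
```

A False value in KeyUsageOk or ClientAuth for a real certificate means the request was not issued from the edited template or the template changes were not saved.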


Process captured in screenshots:

1. Select a machine on which to install Microsoft Certification Authority.
# Log into that machine with a domain administrator account.


2. Add your domain administrator account to the IIS_IUSRS group






3. Install the IIS role & all the features as displayed in the screenshots.






4. Install Microsoft Certificate Authority






5. Configure Microsoft Certificate Authority















6. Create a template for generating vCenter Server Certificates
















7. Open the Certificate Authority in a browser to verify the VMware SSL template is ready to use






1 comment:

  1. Hi Shobhit,
    Can I use the same steps and process for W2K8 servers? You mentioned that you faced several issues while configuring on Server W2K8.
