Part 2 — vCenter 5.1 U1 — Creating and installing SSL certs for SSO.

Installing Certificates with the VMware SSL Certificate Automation Tool

  1. From and administrative prompt run c:\vmwarecerttool\ssl-environment.bat.  This is important because it sets the variables that we edited early on.
    sslenvironment
  2. Next run c:\vmwarecerttool\ssl-updater.bat
    Step2
  3. At this point backup all VMware Databases (VCDB, RSA, and VCU).  Also take a VMware snapshot of the three VMware VMs.
  4. Select Option 1 and then Option 8.  Print out the Detailed Plan.
    Detailedplan
  5. Press 9 to go back to the main menu and then choose option 3, “Update Single Sign-on”.  Say a huge prayer and then press 1 to “Update the Single Sign-on SSL Certificate.  You will be prompted for the Single Sign-on master password.  Did you remember to write down your single sign-on master password?  You will need this many times during this install.
    Step1

    Hopefully it was successful…
    successfulmessage
  6. Switch to the vCenter Inventory Service Server.  From an administrative prompt run c:\vmwarecerttool\ssl-environment.bat and then c:\vmwarecerttool\ssl-updater.bat.  Select Option 4 “Update Inventory Service” and then option 1 “Update the Inventory Service Trust to Single Sign-On.
    Step3
  7. Select option 3, “Update the Inventory Service SSL Certificate”.  You will be prompted for the SSO admin password.
    Step4
  8. Login to the vCenter Server.  From an administrative prompt run c:\vmwarecerttool\ssl-environment.bat and then run c:\vmwarecerttool\ssl-updater.bat.  Choose option 5, “Update vCenter Server” and then option 1, “Update the vCenter Server Trust to Single Sign-On”.
    Step5
  9. Make sure that you created an administrator account within vCenter to use for this install.  This will be needed for the next step!
  10. Select option 2, “Update the vCenter Server SSL Certificate”.  You will need the passwords for your vcenter administrator, SSO admin, and the vCenter system database password.
    Step6
  11. Next, select option 3, “Update the vCenter Server Trust to the Inventory Service”.
    Step7
  12. Go back to the Inventory Service Server and choose option 2, “Update the Inventory Service Trust to vCenter Server”.
    Step8

  13. Switch again to the vCenter Server and select option 5 to get to the main menu, and then option 6, “Update vCenter Orchestrator (vCO)”.  Select option 1, “Update the vCenter Orchestrator Trust to Single Sign-On”.
    Step9
  14. Select option 2, “Update the vCenter Orchestrator Trust to Single Sign-On”.
    Step10
  15. Select option 3, “Update the vCenter Orchestrator (vCO) SSL Certificate”.
    Step11
  16. Select option 5 to go back to the main menu.  Select option 7, “Update vSphere Web Client and Log Browser”.  Now select option 1, “Update the Web Client Trust to Single Sign-On”.  You will be prompted for the SSO admin password.
    Step12
  17. Now choose option 2, “Update the Web Client Trust to Inventory Service”.
    Step13
  18. Continue with option 3, “Update the Web Client Trust to vCenter Server”.
    Step14
  19. Next choose option 4, “Update the Web Client SSL Certificate”.  You will be prompted for the SSO admin password.
    Step15
  20. Continue by selecting option 5, “Update the Log Browser Trust to Single Sign-On”.  This will ask you for the SSO admin password.
    Step16

The last item for the certification tool is to choose option 6, “Update the Log Browser SSL Certificate”.  This will ask you for the SSO admin password.

Updating VUM SSL Certificate

  1. Backup all the files in the directory below.  Copy the rui.key, rui.crt, and rui.pfx files from the c:\certs\vum directory to c:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL
  2. Stop the VMware vSphere Update Manager Service.
    Step18
  3. In the C:\Program Files (x86)\VMware\Infrastructure\Update Manager directory launch the VMwareUpdateManagerUtility.exe application.
  4. Login to the vCenter server using proper credentials.
    Step19
  5. Click on the SSL Certificate option on the left side then check the box on the right side and click Apply.
    Step21
  6. If all goes well you should see the window below.  Restart the service as directed.
    Step22Go Back to Part 1
    https://favoritevmguy.wordpress.com/2013/06/17/part-1-vcenter-5-1-u1-creating-and-installing-ssl-certs-for-sso/

 

Advertisements

One response to “Part 2 — vCenter 5.1 U1 — Creating and installing SSL certs for SSO.

  1. Pingback: Part 1 — vCenter 5.1 U1 — Creating and installing SSL certs for SSO. | Favoritevmguy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s