I think most people have had issues with replacing/updating certificates on the various virtual appliances that will be floating around their infrastructure. Thankfully (and finally someone has done it!), there’s a fling created to help with this! Much kudos to the creators!
Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.
- VMware Platform Services Controller (PSC)
- VMware vCenter Server (VC)
- VMware NSX for vSphere (NSX)
- vRealize Log Insight (vRLI)
- vRealize Operations Manager (vROps)
- vRealize Automation (vRA)
- vRealize Business for Cloud (vRB)
SDDC Certificate Tool
I hate certificates. Well, a nice wildcard cert deployed internally is fine, but when there’s a faff to replace certificates and it’s been so long that you really cannot remember what you did in the first place… I just hate it. So imagine my childish delight when I had to build AD CS!
It’s not that bad in all fairness, and it boils down to make server, add role, next next next and let AD do its magic for all machines you need sending the certificate to within the domain. That’s just reminded me about the VDM certificate for connection servers, which will come later on.
I followed the MS lab guides and also backed this up with a very nice blog post with pretty screenshots and all worked fine. Just remember to add in any subject alternative names if you have a mixture of FQDN and abbreviated server names within your domain.
AD CS and PKI
Deploying Standalone Root CA (Server 2012)
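The subject alternative name advice above, as an added example (not from the original post or the linked guides): a certreq request that puts both the FQDN and the short server name into the SAN extension, then confirms they are in the CSR before it is submitted to AD CS. The host names, the CA config string and the WebServer template are assumptions, and the template is assumed to accept a subject supplied in the request.

```powershell
# Run from an elevated prompt: the key pair is created in the machine store.
# All names below are constructed placeholders, replace them with your own.
$fqdn     = 'server01.corp.example.com'
$short    = 'server01'
$template = 'WebServer'                                  # assumed template name
$caConfig = 'ca01.corp.example.com\Corp-Issuing-CA'      # placeholder "CA host\CA name"

# certreq policy file. The SAN extension (OID 2.5.29.17) must list every name
# clients use to reach the server; a name missing here fails validation even
# if it resolves in DNS. Every entry except the last ends with "&".
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
_continue_ = "dns=$short"

[RequestAttributes]
CertificateTemplate = $template
"@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

# Generate the key pair and the PKCS#10 request.
certreq -new .\request.inf .\request.csr

# Check the CSR before submitting: both DNS names should be listed.
certutil -dump .\request.csr | Select-String 'DNS Name'

# Submit to the issuing CA, then bind the issued certificate to the private key.
certreq -submit -config $caConfig .\request.csr .\server01.cer
certreq -accept -machine .\server01.cer
```

A wildcard entry such as *.corp.example.com does not match the bare short name, so the short name still needs its own SAN entry if clients connect with it.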