With the release of vSphere 5.1 certificates started to play a much more vital role, where having invalid certificates in your environment is not an option anymore as it could break the operation of your environment as well forbid you from logging in. This change has been done to increase the security of your Virtual Infrastructure Management Components (vCenter Service, Inventory Services, SSO, Web Client, vCO, Update Manager, & vCenter Log Browser) & to compact the possibilities of man in the middle attacks. This change has brought a lot of challenges to many VMware customers who had invalid and expired certificates in their environment without even noticing it. The tedious process of replacing any of these certificates have not been a pleasure work for many, the good news is that VMware has just released vCenter Certificate Automation Tool 1.0 to streamline the process & release much of that pain.
VMware has just announced the general availability of vCenter Certificate Automation Tool 1.0. This tool provides an automated mechanism to replace certificates in the following components of the vCenter management platform:
- vCenter Server
- vCenter Single Sign On
- vCenter Inventory Service
- vSphere Web Client
- vCenter Log Browser
- vCenter Orchestrator (VCO)
- vSphere Update Manager (VUM)
The tool can be downloaded for free from: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_1#drivers_tools
Before you jump on the tool, please make sure you read the instructions on the requirements for using the tool, the steps to use it, as well the limitations & known issues to avoid any trouble. You can find all that info put nicely for you at: http://kb.vmware.com/kb/2041600
This tool is fully supported by VMware as well & I am sure it will be quite useful to many of VMware customers. This is the first step in improving certificates management in vSphere environment, keep tuned as it will just improve as we go.