This article provides steps to install the intermediate certificate chain for vCenter Server 5.0.
To install the intermediate certificate chain for vCenter Server 5.0:
- Run this command to create the CSR file:
openssl req -new -nodes -out mycsr.csr -keyout rui.key -config /etc/ssl/openssl.cnf
- When prompted, enter the required information similar to:
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:tokyo
Locality Name (eg, city) []:minato
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test company
Organizational Unit Name (eg, section) []:test
Common Name (eg, YOUR name) []:WIN-MYHOSTNAME
Email Address []:email@example.com
- Get the server certificate (rui.crt), the root certificate, and the intermediate certificate from a trusted third-party CA.
- Copy and paste the root certificate and the intermediate certificate into a single text file and save it as middle.crt. Both certificates are now in middle.crt.
- Run this command to create the PFX file:
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -certfile middle.crt -passout pass:testpassword -out rui.pfx
- Run this command and confirm that the certificates in the PFX file certify each other:
openssl pkcs12 -in rui.pfx -out rui.txt
- Replace the old rui.crt, rui.key, and rui.pfx in C:\programdata\VMware\VMware VirtualCenter\SSL or C:\Program Files\VMware\Infrastructure\Inventory Service\ssl with the new files.
- Go to https://localhost/mob/?moid=vpxd-securitymanager&vmodl=1 on vCenter Server and load the certificates for the configuration by using the Managed Object Browser.
- If you are prompted with a certificate warning, click Continue.
- Type the administrator username and password when prompted.
- Click reloadSslCertificate.
- Click Invoke Method. If successful, the window shows the message Method Invocation Result: void.
- Close both windows.
- Open a command prompt on vCenter Server and change to the vCenter Server directory. By default, the vCenter Server directory is located at C:\Program Files\VMware\Infrastructure\VirtualCenter Server.
- Run this command:
- Type the current username and password for the vCenter Server database user to encrypt the password with the new certificate.
- Restart the VMware VirtualCenter Server service from the service control manager. This, in turn, restarts the VMware VirtualCenter Management Web Services, Inventory, and Profile driven storage services.
- After restarting the service, wait for 5 minutes. If the profile driven storage service stops during this time, restart it.
- Log in to vCenter Server and validate that the plug-ins, such as hardware status and vCenter Server status, are up and running properly.
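An added example, not part of the VMware KB: shell functions that check, before the files are copied into place, that rui.key belongs to rui.crt, that rui.crt chains to the root using only middle.crt, and that rui.pfx carries the expected number of certificates. The function names, the PFX_PASS environment variable, and OpenSSL 1.1.0 or later (for -no-CApath) are assumptions.

```shell
#!/bin/sh
# Added example (not from the KB). Function names and PFX_PASS are hypothetical.
# Assumes OpenSSL 1.1.0 or later, which provides -no-CApath.

# key_matches_cert CERT KEY: succeed only if KEY is the private key for CERT,
# by comparing the public key carried in the certificate with the one
# derived from the key file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# chain_verifies CERT BUNDLE: succeed only if CERT chains to a self-signed root
# through the certificates in BUNDLE. -no-CApath keeps the system CA directory
# out of the check, so a bundle with a missing intermediate fails.
chain_verifies() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# pfx_cert_count PFX: print how many certificates the PFX holds. -nokeys means
# the private key is never written out. The password is read from $PFX_PASS.
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# preflight CERT KEY BUNDLE PFX EXPECTED_COUNT: run all three checks in order
# and stop at the first failure.
preflight() {
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1" >&2; return 1; }
    chain_verifies "$1" "$3" ||
        { echo "FAIL: $1 does not chain to a root through $3" >&2; return 1; }
    n=$(pfx_cert_count "$4") || n=0
    [ "$n" -eq "$5" ] ||
        { echo "FAIL: $4 holds $n certificates, expected $5" >&2; return 1; }
    echo "OK: key matches, chain verifies, $4 holds $n certificates"
}
```

With one intermediate CA the expected count is 3 (server, intermediate, and root), for example `preflight rui.crt rui.key middle.crt rui.pfx 3`. Unlike the export to rui.txt, this check does not write a copy of the private key to a text file.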
If you are using an OpenSSL self-signed CA, install the root certificate during the first login: click View Certificate when the certificate warning appears.
Click Install Certificate and place the certificate in Trusted root certificate authorities > Local Computer store.
Complete the wizard. You should see the Import was successful message displayed.
Based on VMware KB 2030422