• Using vecs-cli to manage VMware Certificate Endpoint Store (VECS) instances

    May 28, 2015 by: Sean Whitney in: Certificates 4 Comments

    VMware introduced a brand new certificate architecture to ease the process of implementing certificates in vSphere 6.0. I have outlined the new architecture changes and the process of Replacing Certificates in vSphere 6.0 already, but I wanted to go through some of the VECS-CLI commands for anyone that was interested in diving deeper into the certificate architecture.   The VMware Certificate Endpoint Store (VECS) is is a repository for SSL certs and private keys. VECS is a requirement for vCenter Server, so you must use it, unlike the VMware Certificate Authority (VMCA), which is optional. Regardless of your topology for […]

    Read more »

  • Creating Microsoft CA templates for certificates in vSphere 6.0

    May 22, 2015 by: Sean Whitney in: Certificates 4 Comments

    vSphere 6 certificate implementation is much easier than vSphere 5.x thanks to a lot of changes made by VMware. I wrote a previous article on how to replace the Machine SSL certificate, use VMCA as a subordinate CA, and ESXi 6.0 certificate replacement. From my experience, a majority of our customers are using Microsoft for their internal Certificate Authority. One thing I wanted to document for everyone is how to properly create Microsoft CA templates to sign the Certificate Signing Requests (CSRs). There are a few different templates to create, depending on what certificates you are replacing.   Template for […]

    Read more »

  • vSphere 6.0 and 6.5 SSL certificate Replacement / Implementation using the Certificate-Manager automation tool

    March 13, 2015 by: Sean Whitney in: Certificates 116 Comments

      vSphere 6.x Architecture   vSphere Certificate replacement and implementation is much easier than Center Server 5.1 or 5.5. In the past, you would have to replace each out of the endpoint certificates, for example vCenter Server, Single Sign On, Inventory Service, Web Client, and so forth. To simplify the process, VMware now uses a Reverse HTTP Proxy which will route traffic accordingly, meaning we only need to replace one certificate, instead of replacing all them in the previous version. There are 4 Solution Users in vSphere 6.x – vpxd, vpxd-extention, vsphere-webclient, and machine and you can replace each solution user […]

    Read more »
Sean Whitney

SPONSORS

Back to Top