VCSA 6/6.5 Replace Machine SSL with 3rd party CA SSL certificate

2nd May 2017
by InfiniteMonkeys

SSH (1st Window)
“shell”
“mkdir /root/ssl”
“/usr/lib/vmware-vmca/bin/certificate-manager”
Option 1
** Note: the name should be the same as the hostname (FQDN)

SSH (2nd Window)
“shell”
“cd /root/ssl”
“mv vmca_issued_key.key machine_ssl.key”
“vi vmca_issued_csr.csr”
Copy the CSR to your 3rd party CA and request the SSL certificate
=== Banana & Tea Break whilst you wait for it to be issued, mileage may vary ===
Download SSL cert bundle
Copy “issuedssl.cer” contents
“vi /root/ssl/machine_ssl.cer” and paste
:wq!
Copy contents of root certs or bundle:
“vi /root/ssl/root-64.cer” and paste
** If you have multiple “CA” certs, these all need to go in “root-64.cer” one after the other. Some CAs will bundle these three together for you on download as one file such as “gd_bundle-g2-g1”
:wq!

Back to 1st Window
Option 1. Continue to importing Custom certificate(s) and key(s) for Machine SSL certificate

Supply file paths:
/root/ssl/machine_ssl.cer
/root/ssl/machine_ssl.key
/root/ssl/root-64.cer
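
Before confirming the import, the three files can be checked from the 2nd window. The script below is an added example, not part of the original post; the function names are made up for this example and it assumes openssl is available in the appliance shell.

```bash
#!/bin/bash
# Added example (not from the original post): sanity checks for the three
# files before their paths are supplied to certificate-manager.

# 0 if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# 0 if the certificate ($1) chains to the CA bundle ($2). Old openssl releases
# can exit 0 on a failed verify, so the printed verdict is tested instead.
chain_verifies() {
    local out
    out=$(openssl verify -CAfile "$2" "$1" 2>&1)
    case "$out" in *"error "*) return 1 ;; esac
    printf '%s\n' "$out" | grep -q ': OK$'
}

# 0 if the FQDN ($2) is listed as a DNS subjectAltName in the certificate ($1).
san_has_fqdn() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ', ' '\n\n' | grep -Fxiq "DNS:$2"
}

# Number of CA certificates in the bundle ($1): root plus any intermediates.
ca_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Run every check; $1 = directory holding the files, $2 = appliance FQDN.
preflight() {
    local dir="$1" fqdn="$2" rc=0
    key_matches_cert "$dir/machine_ssl.cer" "$dir/machine_ssl.key" ||
        { echo "FAIL: machine_ssl.key does not match machine_ssl.cer"; rc=1; }
    san_has_fqdn "$dir/machine_ssl.cer" "$fqdn" ||
        { echo "FAIL: $fqdn is not a DNS name in machine_ssl.cer"; rc=1; }
    chain_verifies "$dir/machine_ssl.cer" "$dir/root-64.cer" ||
        { echo "FAIL: machine_ssl.cer does not chain to root-64.cer"; rc=1; }
    echo "root-64.cer holds $(ca_count "$dir/root-64.cer") CA certificate(s)"
    return "$rc"
}
# Usage on the appliance: preflight /root/ssl "$(hostname -f)"
```

A chain failure usually means an intermediate is missing from “root-64.cer”; compare the reported CA count with the number of CA certs your CA supplied.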

Choose Yes to apply the new SSL cert. This can take a few minutes to update the services and restart things... still got some tea left?

And all going well, test your URL and the new cert should be active! Pat on back etc.. It’s not always easy being green, but sometimes it is.