Prepare Certificate Authority for VCF Certificate Replacement

In the previous blog post, we discussed the installation and initial configuration of Microsoft Certificate Service on a Windows Server and enabled Certificate Web Enrollment on that server. The second step to replacing the default self-signed certificate in VCF is to prepare the Certificate Authority with a new certificate template and assign a service account so that an alternative user can request the certificates instead of the default administrative accounts. With that said, let’s move forward with creating the customized certificate template.

When you request a certificate from a Certificate Authority(CA), the CA lets you choose from its templates store. We must create a template and publish it in the certificate store to create a customized certificate. Open the Certificate Authority snap-in from the CA server’s Administrative Tools to create the customized certificate. If you click Certificate Templates under your CA, you’ll see all the valid certificates in the certificate store.

Continue reading “Prepare Certificate Authority for VCF Certificate Replacement”

Installing and Configuring Active Directory Certificate Services (AD CS)

One standard method of issuing valid certificates to infrastructure software solutions like VMware Cloud Foundation(VCF) is through an internal Microsoft Certificate Authority(CA). Most organizations that use Active Directory(AD) as a directory service also use AD Certificate Services to issue certificates when replacing the self-signed, auto-generated certificates. Even though this service might be installed and running in your infrastructure, this blog post explains how to install and configure it on a Windows Server machine to integrate with VCF infrastructure. After installing and configuring Certificate Authority, we should create a Certificates Template, integrate VCF with this CA, and finally request certificates and replace them through SDDC Manager,

In this post, we will install AD CS on a Windows Server 2022 joined to an Active Directory domain and configure Web Enrollment to allow users to request and retrieve certificates via a web interface.

Continue reading “Installing and Configuring Active Directory Certificate Services (AD CS)”

NSX SSL Certificate Replacement – Part 1

NSX 4 installation comes with an out-of-the-box self-signed SSL certificate. For security and compliance reasons, most customers want to replace the default self-signed certificates with CA-signed certificates. In this two-part blog post, I’ll explain how to prepare your certificate infrastructure, request the certificate, and finally replace the SSL certificate. There are some very useful guides, like this one from VMware, but I will explain the whole certificate replacement process in the following blog posts.*3Ntz8MAEObg_dW10I9-RfQ.png
Continue reading “NSX SSL Certificate Replacement – Part 1”