
[vSphere 8 Self-Signed Certificates] Replacing the vSphere Machine SSL Certificate with an Enterprise CA-Signed Certificate, Part IV: Replacing the Default Certificate


Post summary

This post describes how to use the certificate-manager utility on vCenter Server 8 to replace the default vSphere Machine SSL certificate with an enterprise CA self-signed certificate. It applies to vSphere 7.0.x and vSphere 8.0.x.

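6. Replace the default vSphere SSL certificate with the SSL certificate issued by the enterprise CA

6.1 Confirm the certificate files

SSH into the VCSA and cd to the /root/machine_ssl directory. At this point the directory contains 4 files.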


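The ones needed are:

  • Custom certificate: machine_ssl.cer
  • Custom key: vmca_issued_key.key
  • Signing certificate: root-64.cer

6.2 Replace the default vSphere certificate

Run the certificate-manager tool again to replace the default certificate.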

root@vc7-3 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
                 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
                |                                                                     |
                |      *** Welcome to the vSphere 8.0 Certificate Manager  ***        |
                |                                                                     |
                |                   -- Select Operation --                            |
                |                                                                     |
                |      1. Replace Machine SSL certificate with Custom Certificate     |
                |                                                                     |
                |      2. Replace VMCA Root certificate with Custom Signing           |
                |         Certificate and replace all Certificates                    |
                |                                                                     |
                |      3. Replace Machine SSL certificate with VMCA Certificate       |
                |                                                                     |
                |      4. Regenerate a new VMCA Root Certificate and                  |
                |         replace all certificates                                    |
                |                                                                     |
                |      5. Replace Solution user certificates with                     |
                |         Custom Certificate                                          |
                |         NOTE: Solution user certs will be deprecated in a future    |
                |         release of vCenter. Refer to release notes for more details.|
                |                                                                     |
                |      6. Replace Solution user certificates with VMCA certificates   |
                |                                                                     |
                |      7. Revert last performed operation by re-publishing old        |
                |         certificates                                                |
                |                                                                     |
                |      8. Reset all Certificates                                      |
                |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 1

Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:
         1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate

         2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate

Option [1 or 2]: 2

Please provide valid custom certificate for Machine SSL.
File : /root/machine_ssl/machine_ssl.cer

Please provide valid custom key for Machine SSL.
File : /root/machine_ssl/vmca_issued_key.key

Please provide the signing certificate of the Machine SSL certificate
File : /root/machine_ssl/root-64.cer

You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : Y
Command Output: /root/machine_ssl/machine_ssl.cer: OK

Status : 100% Completed [All tasks completed successfully]


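At this point the SSL certificate update status is 100% completed successfully.

6.3 Verify the self-signed certificate

Log in to the vSphere Client, go to Menu > Administration > Certificates > Certificate Management, find the Machine SSL Certificate, and click VIEW DETAILS.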
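Before handing the three files from 6.1 to certificate-manager, it helps to confirm that they belong together: the key matches the certificate, the certificate is within its validity period, and it verifies against the signing certificate. The script below is an added example, not part of the original post; the function name and return codes are assumptions of this sketch, and it uses only standard openssl subcommands.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks on the three
# files that certificate-manager option 1 -> 2 asks for.
# Return codes (convention assumed for this sketch):
#   0 ok, 2 unreadable file, 3 key/cert mismatch, 4 chain failure, 5 expired

preflight_machine_ssl() {
    cert=$1 key=$2 ca=$3

    # Every input must parse. "-passin pass:" makes an encrypted key fail
    # here instead of prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    openssl x509 -in "$ca" -noout 2>/dev/null || return 2

    # The private key must belong to the certificate: compare public keys.
    [ "$cert_pub" = "$key_pub" ] || return 3

    # The certificate must not have expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 5

    # The certificate must verify against the supplied signing certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 4

    return 0
}

# Stand-alone use: sh preflight.sh CERT KEY SIGNING_CERT
if [ "$#" -eq 3 ]; then
    preflight_machine_ssl "$@" && echo "OK" || echo "FAILED (code $?)"
fi
```

With the paths used in this post, the arguments would be /root/machine_ssl/machine_ssl.cer, /root/machine_ssl/vmca_issued_key.key and /root/machine_ssl/root-64.cer.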


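The Machine SSL certificate issued directly by the enterprise CA has now been replaced successfully.

6.4 Additional notes

We replaced only the Machine SSL certificate; the other VMCA certificates still use the vSphere default certificates.

Viewing the details of VMCA_ROOT_CERT under VMware Certificate Authority shows that its contents are still VMware-related.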


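Related posts

1. Replacing the vSphere Machine SSL Certificate with an Enterprise CA-Signed Certificate, Part I: Generating the CSR
2. Replacing the vSphere Machine SSL Certificate with an Enterprise CA-Signed Certificate, Part II: Creating and Adding a Certificate Template
3. Replacing the vSphere Machine SSL Certificate with an Enterprise CA-Signed Certificate, Part III: Issuing the Self-Signed Certificate and Replacing the Certificate
4. Replacing the vSphere Machine SSL Certificate with an Enterprise CA-Signed Certificate, Part IV: Replacing the Default Certificate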
