热门标签
热门文章
- 1【Docker】error pulling image configuration: download failed after attempts=6: dial tc
- 2openHarmony系统简介_opeoharmony是做什么的
- 3Windows server 打开登录错误次数限制_windows server设置登录次数限制
- 4git取消add和commit操作_git 清空 add 和commit 内容
- 5粒子群优化算法(PSO算法)
- 6知识蒸馏(Knowledge Distillation)、半监督学习(semi-supervised learning)以及弱监督学习(weak-supervised learning)_知识蒸馏经典论hiton
- 7使用frp实现内网穿透教程_frps配置使用详解
- 8多节点高可用Eureka集群与服务注册_eruaka
- 9【ZYNQ——自定义AXI IP核】—— Linux系统下驱动程序和应用程序编写_zynq linux axi 驱动
- 10校园跑腿代购安卓APP 微信小程序的设计与实现(附源码_android校园跑腿小程序代码
当前位置: article > 正文
【vSphere 8 自签名证书】企业 CA 签名证书替换 vSphere Machine SSL 证书Ⅳ—— 替换默认证书_please provide valid custom certificate for machin
作者:酷酷是懒虫 | 2024-06-20 07:31:55
赞
踩
please provide valid custom certificate for machine ssl.
博文摘要
博文主要描述了在 vCenter Server 8 上通过实用工具 certificate-manager 将 vSphere 默认 Machine SSL 证书替换为 企业 CA 自签名证书。适用的 vSphere 版本为 vSphere 7.0.x 和 vSphere 8.0.x
6. 使用企业 CA 签发的 SSL 证书 替换 vSphere 默认 SSL 证书
6.1 确认证书文件
SSH 到 VCSA 中,cd 到 /root/machine_ssl 目录,此时该目录存在4个文件
需要用到的是
- 自定义证书:machine_ssl.cer
- 自定义密钥:vmca_issued_key.key
- 签名证书:root-64.cer
6.2 替换默认 vSphere 证书
再次使用certificate-manager工具替换默认证书
root@vc7-3 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 8.0 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| NOTE: Solution user certs will be deprecated in a future |
| release of vCenter. Refer to release notes for more details.|
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 1
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:
1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate
2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate
Option [1 or 2]: 2
Please provide valid custom certificate for Machine SSL.
File : /root/machine_ssl/machine_ssl.cer
Please provide valid custom key for Machine SSL.
File : /root/machine_ssl/vmca_issued_key.key
Please provide the signing certificate of the Machine SSL certificate
File : /root/machine_ssl/root-64.cer
You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : Y
Command Output: /root/machine_ssl/machine_ssl.cer: OK
Status : 100% Completed [All tasks completed successfully]
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
此时 SSL 证书的更新状态是100%成功完成。
6.3 验证自签名证书
登录 vSphere Client,Menu > Administration > Certificastes > Certificate Management,找到 Machine SSL Certificate,点击VIEW DETAILS
此时 企业CA 直接签发的 Machine SSL 证书替换成功。
6.4 补充说明
我们替换的是 Machine SSL 证书,其它 VMCA 证书还是使用 vSphere 默认证书。
查看 VMware Certificate Authority 的 VMCA_ROOT_CERT 详细信息,显示内容依然和VMware相关:
关联博文
1.企业 CA 签名证书替换 vSphere Machine SSL 证书Ⅰ—— 生成 CSR
2.企业 CA 签名证书替换 vSphere Machine SSL 证书Ⅱ—— 创建和添加证书模板
3.企业 CA 签名证书替换 vSphere Machine SSL 证书Ⅲ—— 颁发自签名与替换证书
4.[企业 CA 签名证书替换 vSphere Machine SSL 证书Ⅳ—— 替换默认证书](
参考资料
- Obtaining vSphere certificates from a Microsoft Certificate Authority (2112014)
- 博文封面图片来自:https://blog.codavel.com/accepting-self-signed-certificates-in-okhttp3
推荐阅读
相关标签
