In the previous blog post entitled How To: Replace vCenter 5 & VUM Certificates we had replaced out certificates for vCenter and VUM but had only refreshed out vCOPS and View administration portals to connect to the trusted vCenter certificate.
In this post we are going to walk threw the process of replacing the vCenter Operations Manager Certificate, we are assuming that the prerequisites in How To: Replace vCenter 5 & VUM Certificates are in place.
Step 1 – Certificate Request
On an Windows Server 2008 based VM that has rights to request and enroll a certificate from your Internal CA
Click Start > Run > MMC > File > Add/Remove Snap-in
Select Certificates > Add > Computer Account > Next
Expand Personal > Certificates > Right Click > All Tasks > Request New Certificate
Click Next > Select Active Directory Enrollment Policy
Select your Certificate Template (mines called HorizonView) then click on ‘More information is required to enroll for this certificate. Click here to configure settings’.
Change Subject Name to Common Value and enter the Fully Qualified Domain Name of your vCenter Operations Manager UI VM. In my case it is VMF-VCOPS01.vmfocus.com and Add this to the certificate request.
Next change the Alternative Name to DNS and enter the NetBIOS name e.g. VMF-VCOPS01 and the Fully Qualified Domain Name e.g. VMF-VCOPS01.vmfocus.com and Add this to the certificate request
Click Next and then Enroll
Once enrolled you will see the new certificate is in your Personal folder
Step 2 – Export Certificate
Well, it’s not much good to us here, so we need to export it. Right Click the Certificate > All Tasks > Export
Select Yes, export the private key and hit Next
Select Personal Information Exchange – PKCS #12 (.PFX) and hit Next
Enter the password for the Private Key (we will need this later so make sure you remember it)
Choose a destination and name for the exported certificate
If all has gone to plan, hit Finish
Step 3 – Convert .PFX to .PEM
The kicker is that vCenter Operations Manager doesn’t accept .PFX certificates only .PEM so we need to convert it using OpenSSL
Copy the certificate to the C: on your OpenSSL VM and then drop into the CMD and cd to C:OpenSS-Win32bin
The command we need to run is:
openssl pkcs12 -in C:vCPOSCert.pfx -out C:vCOPSCert.pem -nodes
You will be prompted for your password, enter this and your certificate is now in .PEM format
Step 4 – Import Certificate into vCenter Operations Manager
Launch the vCOPS Admin URL e.g. https://vcops01/admin and enter your credentials.
Select the SSL tab and then browse to your certificate location and hit Install
Once done, click o the Status Tab and Restart Application Controls.
If we have been successful, when you browse to your vCOPS URL you should see a Trusted Certificate