How To: Replace vCenter Operations Manager Certificates

In the previous blog  post entitled How To: Replace vCenter 5 & VUM Certificates we had replaced out certificates for vCenter and VUM but had only refreshed out vCOPS and View administration portals to connect to the trusted vCenter certificate.

In this post we are going to walk threw the process of replacing the vCenter Operations Manager Certificate, we are assuming that the prerequisites in How To: Replace vCenter 5 & VUM Certificates are in place.

Step 1 – Certificate Request

On an Windows Server 2008 based VM that has rights to request and enroll a certificate from your Internal CA

Click Start > Run > MMC > File > Add/Remove Snap-in

Select Certificates > Add > Computer Account > Next

vCOPS01

Expand Personal > Certificates > Right Click > All Tasks > Request New Certificate

vCOPS02Click Next > Select Active Directory Enrollment Policy

vCOPS03

Select your Certificate Template (mines called HorizonView) then click on ‘More information is required to enroll for this certificate.  Click here to configure settings’.

vCOPS04

Change Subject Name to Common Value and enter the Fully Qualified Domain Name of your vCenter Operations Manager UI VM.  In my case it is VMF-VCOPS01.vmfocus.com and Add this to the certificate request.

Next change the Alternative Name to DNS and enter the NetBIOS name e.g. VMF-VCOPS01 and the Fully Qualified Domain Name e.g. VMF-VCOPS01.vmfocus.com and Add this to the certificate request

vCOPS20

Click Next and then Enroll

vCOPS21

Once enrolled you will see the new certificate is in your Personal folder

vCOPS07

Step 2 – Export Certificate

Well, it’s not much good to us here, so we need to export it.  Right Click the Certificate > All Tasks > Export

vCOPS08

Select Yes, export the private key and hit Next

vCOPS09

Select Personal Information Exchange – PKCS #12 (.PFX) and hit Next

vCOPS10

Enter the password for the Private Key (we will need this later so make sure you remember it)

vCOPS11

Choose a destination and name for the exported certificate

vCOPS12

If all has gone to plan, hit Finish

vCOPS13

Step 3 – Convert .PFX to .PEM

The kicker is that vCenter Operations Manager doesn’t accept .PFX certificates only .PEM so we need to convert it using OpenSSL

Copy the certificate to the C:\ on your OpenSSL VM and then drop into the CMD and cd to C:\OpenSS-Win32\bin

The command we need to run is:

openssl pkcs12 -in C:\vCPOSCert.pfx -out C:\vCOPSCert.pem -nodes

You will be prompted for your password, enter this and your certificate is now in .PEM format

vCOPS14

Step 4 – Import Certificate into vCenter Operations Manager

Launch the vCOPS Admin URL e.g. https://vcops01/admin and enter your credentials.

Select the SSL tab and then browse to your certificate location and hit Install

vCOPS15

Once done, click o the Status Tab and Restart Application Controls.

vCOPS16

If we have been successful, when you browse to your vCOPS URL you should see a Trusted Certificate

vCOPS17

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s