WoodITWork.com

It's about time I let the world know what I was thinking...

vSphere 5 Certificates: 7 - Replacing the default Update Manager 5 Server Certificate

By Julian Wood
certificatesupdatemanagervcentervmware-2

This is the final post of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default Update Manager 5 Server Certificate

VMware Update Manager uses a different self-signed certificate to authenticate against vCenter Server which also needs to be replaced. You can use the same vCenter certificate if the Update Manager installation is on the same server as vCenter or create and trust a new certificate using the same procedure with the Update Manager server name if it is on another server.

On the Update Manager Server navigate to the Update Manager installation directory C:\Program Files (x86)\VMware\Infrastructure\Update Manager.

Make a backup copy of the SSL folder.

image

Copy the same rui.crt, rui.key and rui.pfx certificate files you created as part of the vCenter Server certificate process into the SSL folder if Update Manager is on the same server else use the other ones you have created.

Image(1)_thumb

Launch the Update Manager Utility which is located:

C:\Program Files (x86)\VMware\Infrastructure\Update Manager\VMwareUpdateManagerUtility.exe

Log into vCenter with an administrative account.

image

Select SSL Certificate

image

The steps listed are for creating the certificates and copying the files which have already been done.

Select Followed and verified the steps and click Apply.

image

The configuration change will be applied.

When complete, you will see a dialog box.

image

Restart the VMware vSphere Update Manager Service to complete the certificate change.

You can confirm the certificate has been installed successfully by re-launching the vSphere client and ensuring you no longer get any certificate warnings for the vCenter Server and Update Manager (you may still get warnings for other vCenter components and plug-ins which use different certificates).

Once complete you have successfully created your own Root Certificate Authority, deployed the root CA certificate to your clients and created and replaced the default certificates for VMware vCenter, Web Client ServerInventory Service and Update Manager.