Generating RSA Key & CSR for use with VMware Solutions…
Ever received a Security Warning while logging into either you ESX/i host and/or vCenter?
That's due to the SSL certificate being untrusted with your machine. You can always click the "Ignore" button or check the "Install this certificate..." box and then "Ignore" and move on, however you can improve the security by replacing the certificates with certificates signed by a commercial certificate authority (CA).
To generate an RSA Key and certificate signing request (CSR), we'll start by downloading the OpenSSL-Light application on the system you'll be installing or have already installed a VMware application. The application is available from the following site: http://www.slproweb.com/products/Win32OpenSSL.html
Download the "Win32 OpenSSL v1.0.0e Light" application along with the "Visual C++ 2008 Redistributables". Once downloaded, run the Visual C++ file (in this case, "vcredist_x86.exe"). Click "Next", check the "I have read and accept the license terms." box and click "Install", wait a couple seconds and click "Finish".
Now it's time to install OpenSSL by running the "Win32OpenSSL_Light-1_0_0e.exe" and installing it to your desired location. Click "Next", accept the agreement and click "Next", choose an install location (default is the root of C:\, but I don't like cluttering up the root of C:\) and click "Next", click "Next", change the option so that the OpenSSL DLLs are copied to the OpenSSL binaries (/bin) directory and click "Next", then click "Install", once the installer is finished click "Finish".
From this point, open up a command prompt and navigate to the bin folder within the location of the installation of OpenSSL. To generate the key, run the following command: openssl genrsa 1024 > rui.key Once that is complete, generate the CSR by running this command: openssl req -new -key rui.key > rui.csr After running the command, you'll be asked to populate some information regarding your country name, state, city, organization name and unit, common name and email address.
If you happen to receive the error: "WARNING: can’t open config file: /usr/local/ssl/openssl.cnf" this is due to OpenSSL being unable to find the openssl.cnf file. To correct this error, run the following command: set OPENSSL_CONF=c:\[PATH TO OPENSSL DIRECTORY]\bin\openssl.cfg
After creating the CSR, submit it to either the admin of your Microsoft Certificate Services CA or to whomever handles the certificates from a commercial CA.
Upcoming Events
Recent Posts
- PowerCLI – Copying PortGroups from a Standard vSwitch to a Distributed vSwitch
- PowerCLI – Rescan HBAs for a Cluster on a Host by Host Basis
- PowerCLI – Analyze a Cluster to Move VMs to a Resource Pool
- Fusion-IO Caching Tests…
- Updating the Fusion-IO firmware…
Certifications
My Home Lab vMetrics
10 GHz Total CPU 
16 GB Total RAM 
7,578 GB Total Disk
1 Host(s)
1 RPs
8 VMs
0 vMotions
(4) 
(4) 
(0)
3 Physical NICs
3 Virtual PGs
Tags
5.1.1 2008 R2 2008R2 6510E 8024F Data Recovery Dell EQL Equallogic ESXi ESXi 5 firmware Fusion-IO HIT HIT/VE HIT Kit install iSCSI MEM Microsoft Multipathing OVA OVF plugin PowerCLI PowerConnect Round Robin Server snapshot Update Manager Upgrade vCenter vDR VirtualCenter Virtual Center vMotion VMUG VMware VMworld vSphere vSphere 5 VSS vSwitch VUM Windows
WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.