Posted by: Rick Vanover
Rick Vanover, SQL, VI3, VirtualCenter, VMware ESX
Earlier this year, I posted a blog entry about the certificate configuration for VirtualCenter installations and the fact that the certificate does not get upgraded or renewed as you perform upgrades of VirtualCenter. The default certificate of a VirtualCenter installation is valid for two years.
Certificate management is not one of my areas of expertise. With that, I’m posting this series of blog posts with the hopes that it will help other admins complete this mundane task seamlessly. I am currently faced with upgrading the certificate configuration for my VirtualCenter 2.5 Update 2 system. The VirtualCenter default certificate is made up of three files: rui.cert, rui.key and rui.pfx. All are located in the C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL folder for default installations. Now these certificates are SSL certificates, or web certificates that manage the communication between elements of VI3. This includes ESX hosts, VMware Infrastructure Client connections, the database and VirtualCenter Server connections.
In the earlier post, I mentioned VMware’s PDF as a good starting point for the certificate renewal process. The PDF explains a lot of different things, but leaves a few key areas out about how to fix the immediate problem. Luckily, I came across a very handy blog that simplifies things and gave me easy steps to follow. Leo Raikhman’s Ramblings blog gives direct guidance for those of us who are a little fuzzy with certificates. Leo points out in three separate blogs a basic way to address the problem, a 1-2-3 approach, and some in-depth explanation for an occasional zero-length pfx file causing generation issues.
I have successfully followed Leo’s materials for a seamless upgrade in an isolated test environment with no workload. Soon, I will repeat the drill on the live environment and let you know how it goes in another blog post.