Certificates

NSX-T 3.x restore compliancy

Yesterday I had an issue with my NSX-T 3.0.1 deployment in my lab. I was not able to resolve the issue, so I had to recover NSX from backup. Luckily I was making backups every day. So, it would not be hard te recover right? Well, think again if you are running NSX-T 3.x and you have deployed your Solution with custom certificates in a prior NSX-T version.

(more…)

Replace vRO certificates in a vRA embedded installation

Some time ago I deployed vRealize Automation with vRealize Orchestrator embedded in the appliance in my home lab and I’m not very experienced yet with vRA and vRO. The reason that I deployed it is mainly that I want to get more hands-on experience with vRA and vRO and eventually use the gained knowledge for customers.

vRA was already running for a couple of months, and all the frontend self-signed certificates were already replaced by my Microsoft home lab CA issued certs. When I started using vRO, I noticed that the certificate was not replaced yet and that the appliance was still using the default self-signed one. I started googling how to replace the vRO certificate and found the following official VMware documentation. This article states that you can trust the already installed custom certificates in vRA. I executed every step from the official VMware guideline but was unsuccessful to replace the vRO certificates with the procedure. Fortunately, I was able to replace the certificates with another procedure. (more…)

vRealize Network Insight – Replace self-signed certificate

How to replace the self-signed certificate from vRealize Network Insight by a custom-cert from your own internal CA.

Prerequisites:

Installed OpenSSL on Windows (http://gnuwin32.sourceforge.net/packages/openssl.htm)
ESXi host with SSH enabled and reachable from the Network Insight Platform VM
Filezilla client

(more…)

OpenSSL: Create CSR for certificate with additional Subject Alternative Name(s) (Windows)

Procedure to create CSR with SAN (Windows)

Login into server where you have OpenSSL installed (or download it here)
Go to the directory where openssl is located (on Windows)
Create a file named sancert.cnf with the following information

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (NL)
stateOrProvinceName         = State or Province Name (ZH)
localityName               = Locality Name (AADR)
organizationName           = Organization Name (WGE)
commonName                 = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = sslcert.wesleygeelhoed.nl
DNS.2   = dns2.com
DNS.3   = dns3.com

* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…

Save the file and execute following OpenSSL command, which will generate CSR and KEY file

openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf

This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!

WesleyGeelhoed.nl

Virtualization – Akita Inu – Football – Tech – Trips – Bikes and more…