Yesterday I had an issue with my NSX-T 3.0.1 deployment in my lab. I was not able to resolve the issue, so I had to recover NSX from backup. Luckily I was making backups every day. So, it would not be hard te recover right? Well, think again if you are running NSX-T 3.x and you have deployed your Solution with custom certificates in a prior NSX-T version.(more…)
Some time ago I deployed vRealize Automation with vRealize Orchestrator embedded in the appliance in my home lab and I’m not very experienced yet with vRA and vRO. The reason that I deployed it is mainly that I want to get more hands-on experience with vRA and vRO and eventually use the gained knowledge for customers.
vRA was already running for a couple of months, and all the frontend self-signed certificates were already replaced by my Microsoft home lab CA issued certs. When I started using vRO, I noticed that the certificate was not replaced yet and that the appliance was still using the default self-signed one. I started googling how to replace the vRO certificate and found the following official VMware documentation. This article states that you can trust the already installed custom certificates in vRA. I executed every step from the official VMware guideline but was unsuccessful to replace the vRO certificates with the procedure. Fortunately, I was able to replace the certificates with another procedure. (more…)
How to replace the self-signed certificate from vRealize Network Insight by a custom-cert from your own internal CA.
- Installed OpenSSL on Windows (http://gnuwin32.sourceforge.net/packages/openssl.htm)
- ESXi host with SSH enabled and reachable from the Network Insight Platform VM
- Filezilla client
Procedure to create CSR with SAN (Windows)
- Login into server where you have OpenSSL installed (or download it here)
- Go to the directory where openssl is located (on Windows)
- Create a file named sancert.cnf with the following information
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (NL) stateOrProvinceName = State or Province Name (ZH) localityName = Locality Name (AADR) organizationName = Organization Name (WGE) commonName = Common Name (e.g. server FQDN) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = sslcert.wesleygeelhoed.nl DNS.2 = dns2.com DNS.3 = dns3.com
* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…
- Save the file and execute following OpenSSL command, which will generate CSR and KEY file
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf
This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!