openssl s_client -connect customerdomain.tld:465 | openssl x509 -text
Tag: certificate
VMware ESXi 6.0: Regenerating self-signed certificates
- Connect to the VMware console via remote management (e.g. iRMC)
- Enable SSH
- Remove the files rui.key and rui.crt under /etc/vmware/ssl
- Run /sbin/generate-certificates
- Restart the management agents via the VMware console, or via SSH with the command services.sh restart
VMware ESXi 6.0: Installing certificates from your own CA
Prepare /etc/vmware/ssl/webclient.cnf:
[ req ]
default_bits = 4096
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:"$FQDN", DNS:"$HOSTNAME", IP:"$IP"
[ req_distinguished_name ]
countryName = "$COUNTRY"
stateOrProvinceName = "$PROVINCE"
localityName = "$CITY"
0.organizationName = "$COMPANY"
organizationalUnitName = "IT"
commonName = "$FQDN"
[ alt_names ]
DNS.1 = "$FQDN"
DNS.2 = "$HOSTNAME"
IP.1 = "$IP"
Via SSH, create the private key and the CSR in the folder /etc/vmware/ssl/:
openssl genrsa -out /etc/vmware/ssl/rui.key 4096
openssl req -new -nodes -out /etc/vmware/ssl/rui.csr -key /etc/vmware/ssl/rui.key -config /etc/vmware/ssl/webclient.cnf
Create the certificate locally, or have your own CA issue it from the CSR, and store it as /etc/vmware/ssl/rui.crt. The command below is the local variant, which self-signs the CSR with rui.key (-signkey):
openssl x509 -req -days 365 -in /etc/vmware/ssl/rui.csr -signkey /etc/vmware/ssl/rui.key -out /etc/vmware/ssl/rui.crt -extensions v3_req -extfile /etc/vmware/ssl/webclient.cnf
With your own CA: place the root and intermediate certificates in /etc/vmware/ssl/castore.pem.
Restart the services:
services.sh restart
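A check to run before the restart, as an added example that is not part of the original post: it confirms that rui.crt belongs to rui.key, that the subjectAltName from v3_req ended up in the certificate, and, when castore.pem exists, that the chain verifies against it. The function name check_esxi_cert and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_esxi_cert and its return
# codes are assumptions. Usage: check_esxi_cert /etc/vmware/ssl "$FQDN"
check_esxi_cert() {
    dir=$1
    fqdn=$2
    key=$dir/rui.key
    crt=$dir/rui.crt
    ca=$dir/castore.pem

    # 1. Both files exist and parse.
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "FAIL: cannot read $key"; return 1; }
    openssl x509 -in "$crt" -noout 2>/dev/null ||
        { echo "FAIL: cannot read $crt"; return 1; }

    # 2. The certificate was issued for this private key: compare public keys.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ "$kpub" = "$cpub" ] || { echo "FAIL: $crt does not match $key"; return 2; }

    # 3. The v3_req extensions survived signing: exact DNS entry in the SAN.
    san=$(openssl x509 -in "$crt" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ')
    case ",$san," in
        *",DNS:$fqdn,"*) ;;
        *) echo "FAIL: SAN has no DNS:$fqdn"; return 3 ;;
    esac

    # 4. Still valid 24 hours from now.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null ||
        { echo "FAIL: $crt expires within 24h"; return 4; }

    # 5. With an own CA: the chain must verify against castore.pem.
    #    Match on the output, since old OpenSSL exits 0 even on failure.
    if [ -s "$ca" ]; then
        openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
            { echo "FAIL: chain does not verify against $ca"; return 5; }
    fi
    echo "OK: $crt is consistent with $key"
}

# Run the check when called as a script with both arguments.
if [ "$#" -ge 2 ]; then check_esxi_cert "$@"; fi
```

A non-zero return code names the first check that failed, so the old certificate can stay in service until the new files pass.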