OpenManage Integration for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows Certification Authority This Dell Technical white paper describes the necessary steps to generate and consume a custom SSL/HTTPS certificate for the OpenManage Integration for VMware vCenter using Microsoft Windows Certification Authority.
Revisions (2.0) Date Description August 2013 Initial release October 2013 Ported to Dell template THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. © 2013 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell.
Table of contents Revisions (2.0) .................................................................................................................................................................................... 2 1 3 Introduction ................................................................................................................................................................................ 4 1.1 Audience and scope .........................................................................
1 Introduction The OpenManage Integration for VMware vCenter is a virtual appliance used to reduce tools and tasks associated with the management and deployment of Dell servers in your virtual environment. It reduces complexity by natively integrating the key management capabilities into the vCenter console. It minimizes risk with hardware alarms, streamlined firmware updates and deep visibility into inventory and provides health and warranty details.
2 Certificates 2.1 Why use an SSL certificate? For secure HTTPS communication, the web server requires the SSL certificate on theOpenManage Integration for VMware vCenter . 2.2 Why use a custom certificate? Uploading a custom SSL certificate, signed by a trusted CA, establishes a trusted/secure client and server communication within the organization. This custom certificate fixes the trusted certificate exception in the web browser.
2. Under HTTPS Certificates, click Generate Certificate Signing Request. Figure 2 Generating the certificate signing request. 3. Provide the required information and make sure that the Common Name field contains the appliance’s FQDN/Hostname or localhost.localdomain if FQDN/Hostname is not set. Figure 3 6 Success dialog box.
4. Click Continue, and then click Download Certificate Signing Request. 5. Copy and/or save the text from the newly opened browser tab or window. Figure 4 7 Copy the BEGIN and END of the Certificate Request.
3 Certificate signing using Microsoft Windows CA This section shows you how to digitally sign a CSR generated by the Administration Console using Microsoft Windows Certification Authority. This section assumes that the certification authority server has already been configured. Open the certification authority portal page in the web browser by using http://certificate-authorityaddress/certsrv 2. Click Request a certificate. 1. Figure 5 Using Microsoft Active Directory Certificate Services.
Figure 7 Advanced Certificate Request screen. 4. Paste the CSR text you copied in the previous procedure in the text area and submit the request. Make sure that the BEGIN and END certificate REQUEST tags are present in the text. Figure 8 5. Pasting in the certificate request. On the Certification Authority server, open the Certification Authority snapshot. Figure 9 Opening the Certificate Authority snapshot. 6. Right-click the pending certificates folder and issue the certificate.
Figure 10 Issuing the certificate. 7. Open the Certification Authority portal page and go to View the status of a pending certificate request. 8. Download the Saved-Request Certificate to the local disk. Figure 11 Downloading the certificate. 9. To Download DER encoded certificate, click Download Certificate. 10. Convert the certificate from cert/cer format to PEM format using openssl or using the directions from the following web sites: • https://www.sslshopper.com/ssl-converter.html • http://www.bo.infn.