VCAP-DCV Deploy Objective 8.2 – Part 2

SSL Certificate, VCAP6-DCV Deploy
In this section we will continue  to cover "Manage SSL certificates" Here are the objective from the blueprint : Configure and manage VMware Endpoint Certificate Store Replace default certificate with CA-signed certificate Generate ESXi host certificates Enable / Disable certificate checking Configure SSL timeouts according to a deployment plan Lab Setup: Using VMware workstation: Microsoft Servers 2012R2 for Services (ADCS,DNS , DHCP, etc…) Installed esx0 Installed VCSA  Documents used: vSphere Security Guide VMware KB 2112016 Configure and manage VMware Endpoint Certificate Store: VMware Endpoint Certificate Store (VECS) serves as a local (client-side) repository for certificates, private keys, and other certificate information that can be stored in a keystore. You can decide not to use VMCA as your certificate authority and certificate signer, but you must use VECS to store all vCenter certificates,…
Read More

VCAP-DCV Deploy Objective 8.2 – Part 1

SSL Certificate, VCAP6-DCV Deploy
In this section we are going to cover "Manage SSL certificates" Here are the objective from the blueprint : Configure and manage VMware Certificate Authority Lab Setup: Using VMware workstation: Microsoft Servers 2012R2 for Services (ADCS,DNS , DHCP, etc…) Installed esx0 Installed VCSA  Documents used: vSphere Security Guide VMware KB 2112016 Configure and manage VMware Certificate Authority: In vSphere 6.0 and later, the VMware Certificate Authority (VMCA) provisions your environment with certificates. This includes machine SSL certificates for secure connections, solution user certificates for authentication to vCenter Single Sign-On, and certificates for ESXi hosts that are added to vCenter Server. The following certificates are in use. [caption id="attachment_1806" align="alignnone" width="943"] Source: VMware security guide[/caption] There are many variation of how to configure VMCA , i choose to configure VMCA as a…
Read More

Adding Microsoft Certificate Authority Services in my lab

Active Directory, Home-Lab, SSL Certificate, VCAP6-DCV Deploy
In this post i will install Microsoft Certificate Authority Services on my domain controller in preparation for Objective 8.2 Here are the steps: In server manager add the Active Directory Certificate tools Choose the Certificate Authority and Certificate Authority Web Enrollment Follow the wizard and click install (you can close the installation window) Click on the yellow icon(Post Installation) and then click on configure Active Directory Certificate Authority Make sure to use Administrator (or user with similar rights) Select the Certificate Authority  and Certificate Authority Web Enrollment Choose Enterprise CA (only available if you running AD) Choose Root CA Choose "Create new private key" Choose the Default encryption Verify Common names(no need to change anything) Leave the default validity time Leave the default Cert DB Click on Configure Once done access the the CA via…
Read More