Blah, Cloud.

Adventures in architectures

Creating a vSphere 6 certificate template in Active Directory

19/07/2015 by Myles Gray

Signing certs for VMware has always been a pain in the ass. It's gotten a lot better in v6, but there are a few caveats. What we're going to do here is set up a certificate template in Active Directory from which we will sign our vCenter certificates.

Load up your AD-CA box and run:

certtmpl.msc

Next, right-click Web Server and click Duplicate Template:

Duplicate Template

If you use a signature hash algorithm stronger than SHA-1, choose Windows Server 2008 as the Certification Authority.

Certification Authority

Click the General tab and change the name to something significant to you (mine is vSphere 6.0).

Template Name

Then navigate to the Extensions tab, select Application Policies and click Edit. Select Server Authentication, click Remove, then OK.

Remove Server Authentication

Select Key Usage and click Edit. Select the Signature is proof of origin (nonrepudiation) option and click OK.

Key Usage Options

Move to the Subject Name tab. Make sure the Supply in the request option is selected. Click OK on both dialogues. The template should now show up in your cert templates like so:

vSphere 6.0 Certificate Template

Load up mmc and add the Certification Authority snap-in.

Navigate to the Certificate Templates folder, right-click and choose New -> Certificate Template to Issue, then select vSphere 6.0.

Add as a certificate template

We are now ready to use the template for signing vCenter certs.
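Once a certificate has been issued from the template, the settings above can be checked on the certificate itself. The following PowerShell is an added example, not part of the original post: the function name and the file path are hypothetical, and the `certutil` filter assumes the template was named vSphere 6.0 as above.

```powershell
# Added example: confirm the template is published on the CA, then check
# that an issued certificate reflects the template settings from this post.

# Run on the CA: lists the templates the CA will issue from. The filter
# assumes the template name used above (vSphere 6.0).
certutil -CATemplates | Select-String 'vSphere'

function Test-VSphereTemplateCert {
    param(
        # Hypothetical path: point this at your own issued .cer/.crt file.
        [Parameter(Mandatory)][string]$Path
    )

    $ns   = 'System.Security.Cryptography.X509Certificates'
    $full = (Resolve-Path $Path).Path
    $cert = New-Object "$ns.X509Certificate2" -ArgumentList $full

    # Key Usage extension: the template adds nonrepudiation.
    $ku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $nonRep = $false
    if ($ku) {
        $flag   = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::NonRepudiation
        $nonRep = $ku.KeyUsages.HasFlag($flag)
    }

    # Application Policies / EKU: Server Authentication was removed.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasServerAuth = $false
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $hasServerAuth = $oids -contains $serverAuthOid
    }

    [pscustomobject]@{
        Subject            = $cert.Subject
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        NonRepudiationSet  = $nonRep
        ServerAuthRemoved  = -not $hasServerAuth
    }
}

# Usage (placeholder file name):
# Test-VSphereTemplateCert -Path .\issued-cert.cer
```

Both `NonRepudiationSet` and `ServerAuthRemoved` should be `True` for a certificate issued from this template; `SignatureAlgorithm` shows whether the CA signed with SHA-1 or something stronger.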
