Wednesday Tidbit: Replace the SSL certificate in VMware vSphere Management Assistant appliance

20150703 - VMwareUsing genuine SSL certificates is good for security.  It lets users know the device/host they’re connecting to is genuine, and prevents man-in-the-middle attacks.  It also removes nasty warnings in the browser title bar. 

On a workstation with OpenSSL installed, create a new key and certificate signing request:

openssl req -new -newkey rsa:2048 -nodes -out vma.csr -keyout vma.key

OpenSSL will write out a new private key, and then request answers to a few questions. Once done, submit the CSR to your Certificate Authority.

When the new certificate has been issued, save it in the same folder as the private key.

Create a PEM file on Windows using:

type vma.key vma.crt > server.pem

On Linux use:

cat vma.key vma.crt > server.pem

Using SFTP, login as vi-admin and upload server.pem.

SSH to the vMA appliance and login as vi-admin. Navigate to the correct folder:

cd /opt/vmware/etc/lighthttpd

Backup the existing certificate:

sudo mv server.pem server.pem.old

Move the new PEM file into place:

move /home/vi-admin/server.pem .

Restart the web server:

service vami-lighttp restart

You new certificate will now be in place.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.