The tool uses a set of canned configuration files for the various VMware products. These configuration files come directly from VMware KB articles. You can also write your own custom cfg files and place them in the templates directory for use in the tool. You must also add a line in the in the vmware-cert-tool.conf file for your custom template defaults.
You can download the tool from here. I have provided a link with OpenSSL included, but google thinks it contains a virus (which it does not)
You can get that here > VMware Certificate Tool w/ OpenSSL
If warnings make you nervous, You can get the package w/o OpenSSL included here > VMware Certificate Tool OpenSSL not Included
You will however need to download and install OpenSSL from http://slproweb.com/products/Win32OpenSSL.html and install it in the vmware cert tool directory under openssl or modify the powershell script to point to your installation
Now on to the screenshots...
When you run the program you will be prompted to either generate a CSR or import a reply
A summary will be printed, if you have made any mistakes you can start over
Several files including the CSR and private key are created. The templateUsed.txt file keeps track of the type of certificate you are requesting
At this point you are on your own to request the certificate from your CA. You can follow VMware's documentation for requesting a certificate here > http://kb.vmware.com/kb/2037432#getcert
For the certificate tool you will only need the .p7b file as this contains the complete certificate chain. For ease place it in the request directory for your request
Start the certificate tool up again and select option 2 to import the reply. You will enter the common name you set for the request and specify the absolute location for the .p7b file
After the tool runs it creates all the certificate files you could ever want including the certificate itself, all of the certificates in the chain, a chain certificate without the host certificate, and even the ever elusive PEM file which contains the entire chain and private key
I hope this helps some of you out.
No comments:
Post a Comment