Use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates that are signed by the Microsoft certificate authority (MSCA) for all management products with a single operation.
About this task
For complete information about the VMware Validated Design Certificate Generation Utility, see VMware Knowledge Base article 2146215.
- Log in as an AD administrator to a Windows Server 2012 host that has access to the data center and is part of the rainpole.local domain.
- Download and extract the Certificate Generation Utility from VMware Knowledge Base article 2146215.
- Open the VMware Knowledge Base article in a Web browser.
- Extract CertGenVVD-3.0.zip to the C: drive.
- In the c:\CertGenVVD-3.0 folder, open the default.txt file in a text editor.
- Verify that the following properties are configured.
ORG=Rainpole Inc.
OU=Rainpole.local
LOC=NYC
ST=NY
CC=US
CN=VMware_VVD
keysize=2048
Note: These are default values and should be updated to reflect your organization.
- Verify that only the following files are available in the c:\CertGenVVD-3.0\ConfigFiles folder and LOC=NYC is in the text files.
The vRealize Automation Proxy Agents use the same certificate generated for the Proxy Agents in the VMware Validated Design for SDDC deployment.
- Open a Windows PowerShell prompt and navigate to the CertGenVVD folder.
- Run the following command to grant PowerShell permissions to run third-party shell scripts.
- Run the following command to validate prerequisites for running the utility.
Verify that VMware is included in the available CA Template Policy.
- Run the following command to generate MSCA-signed certificates.
.\CertGenVVD-3.0.ps1 -MSCASigned -attrib 'CertificateTemplate:VMware'
- In the c:\CertGenVVD-3.0 folder, verify that the utility created the SignedByMSCACerts sub-folder.
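A pre-flight check for the default.txt and ConfigFiles steps above, written as an added example; it is not part of CertGenVVD or of the VMware documentation. It assumes that default.txt and the ConfigFiles text files hold one KEY=value pair per line, and `Read-Properties`, `Test-CertGenInputs` and the sample folder are hypothetical names with constructed sample data.

```powershell
# Added example, not part of CertGenVVD. Assumes one KEY=value pair per line.
function Read-Properties([string]$Path) {
    $props = @{}   # hashtable literals compare keys case-insensitively
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Split on the first '=' only; lines without '=' are ignored.
        if ($line -match '^\s*([^=#\s]+)\s*=\s*(.*?)\s*$') { $props[$Matches[1]] = $Matches[2] }
    }
    $props
}

function Test-CertGenInputs([string]$Root) {
    $problems = @()
    $d = Read-Properties (Join-Path $Root 'default.txt')
    foreach ($key in 'ORG', 'OU', 'LOC', 'ST', 'CC', 'CN', 'keysize') {
        if ([string]::IsNullOrWhiteSpace($d[$key])) { $problems += "default.txt: '$key' missing or empty" }
    }
    $bits = 0
    if (-not [int]::TryParse([string]$d['keysize'], [ref]$bits) -or $bits -lt 2048) {
        $problems += "default.txt: keysize '$($d['keysize'])' is not a number or is below the 2048 default"
    }
    # The X.509 country attribute is a two-letter code.
    if ($d['CC'] -notmatch '^[A-Za-z]{2}$') { $problems += 'default.txt: CC must be a two-letter country code' }
    if ($d['ORG'] -eq 'Rainpole Inc.' -or $d['OU'] -eq 'Rainpole.local') {
        $problems += 'default.txt: ORG/OU still hold the Rainpole sample values'
    }
    # Assumption: every per-product file should carry the same LOC as default.txt.
    foreach ($f in Get-ChildItem -LiteralPath (Join-Path $Root 'ConfigFiles') -Filter '*.txt') {
        $loc = (Read-Properties $f.FullName)['LOC']
        if ($loc -ne $d['LOC']) { $problems += "$($f.Name): LOC '$loc' does not match default.txt '$($d['LOC'])'" }
    }
    $problems
}

# Constructed sample input so the check runs without the real utility folder.
$root = Join-Path ([IO.Path]::GetTempPath()) 'CertGenVVD-sample'
New-Item -ItemType Directory -Force -Path (Join-Path $root 'ConfigFiles') | Out-Null
"ORG=Example Corp`nOU=example.internal`nLOC=NYC`nST=NY`nCC=US`nCN=VMware_VVD`nkeysize=1024" |
    Set-Content -LiteralPath (Join-Path $root 'default.txt')
"LOC=SFO" | Set-Content -LiteralPath (Join-Path $root 'ConfigFiles\sample-host.txt')

@(Test-CertGenInputs $root) | ForEach-Object { Write-Warning $_ }
# To check the real inputs from the procedure: Test-CertGenInputs 'C:\CertGenVVD-3.0'
```

Run it before the generation command so that a weak key size or a stale subject field is caught before the CA issues certificates that then have to be replaced.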
What to do next
Replace the default product certificates with the certificates that the CertGenVVD utility has generated.