Use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates that are signed by the Microsoft certificate authority (MSCA) for all management products in a single operation.

About this task

For complete information about the VMware Validated Design Certificate Generation Utility, see VMware Knowledge Base article 2146215.

Procedure

  1. Log in as an AD administrator to a Windows Server 2012 host that has access to the data center and is part of the rainpole.local domain.
  2. Download and extract the Certificate Generation Utility from VMware Knowledge Base article 2146215.
    1. Open the VMware Knowledge Base article in a Web browser.
    2. Extract CertGenVVD-3.0.zip to the C: drive.
  3. In the c:\CertGenVVD-3.0 folder, open the default.txt file in a text editor.
  4. Verify that the following properties are configured.
    ORG=Rainpole Inc.
    OU=Rainpole.local
    LOC=NYC
    ST=NY
    CC=US
    CN=VMware_VVD
    keysize=2048
    Note:

    These are default values and should be updated to reflect your organization.

  5. Verify that only the following files are available in the c:\CertGenVVD-3.0\ConfigFiles folder and that LOC=NYC is in the text files.
    • nyc01nsxm01.txt

    • nyc01vc01.txt

    • nyc01vdp01.txt

    • nyc01vrb.txt

    • nyc01vrli.txt

      Note:

      The vRealize Automation Proxy Agents use the same certificate generated for the Proxy Agents in the VMware Validated Design for SDDC deployment.

  6. Open a Windows PowerShell prompt and navigate to the CertGenVVD folder.
    cd c:\CertGenVVD-3.0
  7. Run the following command to grant PowerShell permissions to run third-party shell scripts.
    Set-ExecutionPolicy RemoteSigned
  8. Run the following command to validate prerequisites for running the utility.

    Verify that VMware is included in the available CA Template Policy.

    .\CertGenVVD-3.0.ps1 -validate
  9. Run the following command to generate MSCA-signed certificates.
    .\CertGenVVD-3.0.ps1 -MSCASigned -attrib 'CertificateTemplate:VMware'
  10. In the c:\CertGenVVD-3.0 folder, verify that the utility created the SignedByMSCACerts sub-folder.
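
A pre-flight check for steps 4 and 5, as an added example that is not part of the CertGenVVD utility or the original procedure: it reads default.txt and the ConfigFiles folder and warns about anything that differs from the values listed in this procedure. It assumes the files hold one KEY=VALUE pair per line; the function and variable names are illustrative.

```powershell
# Added example: pre-flight check for steps 4 and 5 of this procedure.
# Paths, file names and property values are the ones listed on this page;
# edit $Defaults if you changed default.txt to reflect your organization.
$Root     = 'C:\CertGenVVD-3.0'
$Expected = 'nyc01nsxm01.txt', 'nyc01vc01.txt', 'nyc01vdp01.txt', 'nyc01vrb.txt', 'nyc01vrli.txt'
$Defaults = [ordered]@{
    ORG = 'Rainpole Inc.'; OU = 'Rainpole.local'; LOC = 'NYC'; ST = 'NY'
    CC  = 'US'; CN = 'VMware_VVD'; keysize = '2048'
}

function Read-Properties([string]$Path) {
    # Parse KEY=VALUE lines into a hashtable (assumed format); other lines are skipped.
    $props = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $key, $value = $line -split '=', 2
        if ($null -ne $value -and $key.Trim()) { $props[$key.Trim()] = $value.Trim() }
    }
    return $props
}

$problems = @()

# Step 4: default.txt must carry the documented properties.
$actual = Read-Properties (Join-Path $Root 'default.txt')
foreach ($name in $Defaults.Keys) {
    if ($actual[$name] -ne $Defaults[$name]) {
        $problems += "default.txt: $name is '$($actual[$name])', expected '$($Defaults[$name])'"
    }
}

# Step 5: ConfigFiles must contain exactly the expected files, each with LOC=NYC.
$configDir = Join-Path $Root 'ConfigFiles'
$found = @(Get-ChildItem -LiteralPath $configDir -File | Select-Object -ExpandProperty Name)
$Expected | Where-Object { $_ -notin $found } |
    ForEach-Object { $problems += "ConfigFiles: missing file $_" }
$found | Where-Object { $_ -notin $Expected } |
    ForEach-Object { $problems += "ConfigFiles: unexpected file $_" }
foreach ($file in $found) {
    if ($file -notin $Expected) { continue }   # already reported above
    $loc = (Read-Properties (Join-Path $configDir $file))['LOC']
    if ($loc -ne 'NYC') { $problems += "${file}: LOC is '$loc', expected 'NYC'" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'default.txt and ConfigFiles match the values in this procedure.' }
```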

What to do next

Replace the default product certificates with the certificates that the CertGenVVD utility has generated.