Use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates that are signed by the Microsoft certificate authority (MSCA) for vRealize Suite Lifecycle Manager.
About this task
For information about the VMware Validated Design Certificate Generation Utility, see VMware Knowledge Base article 2146215 and the VMware Validated Design Planning and Preparation.
Provide a Windows Server 2012 host that is part of the sfo01.rainpole.local domain.
Install a Certificate Authority server on the rainpole.local domain.
- Log in to a Windows host that has access to your data center.
- Download the CertGenVVD-version.zip file of the Certificate Generation Utility from VMware Knowledge Base article 2146215 on the Windows host where you connect to the data center and extract the ZIP file to the C: drive.
- In the C:\CertGenVVD-version folder, open the default.txt file in a text editor.
- Verify that the following properties are configured.
  ORG=Rainpole Inc.
  OU=Rainpole.local
  LOC=SFO
  ST=CA
  CC=US
  CN=VMware_VVD
  keysize=2048
- Delete all files in the C:\CertGenVVD-version\ConfigFiles folder.
- In the C:\CertGenVVD-version\ConfigFiles folder, create a text file named vrs01lcm01.txt with the following content.
For example, the configuration files for the vRealize Suite Lifecycle Manager instance must contain the following properties:
  [CERT]
  NAME=default
  ORG=default
  OU=default
  LOC=SFO
  ST=default
  CC=default
  CN=vrs01lcm01.rainpole.local
  keysize=default
  [SAN]
  vrs01lcm01
  vrs01lcm01.rainpole.local
- Open a Windows PowerShell prompt and navigate to the CertGenVVD folder.
- Grant permissions to run third-party PowerShell scripts.
- Validate that you can run the utility using the configuration on the host, and verify that VMware is included in the printed CA template policy.
- Generate MSCA-signed certificates.
.\CertGenVVD-version.ps1 -MSCASigned -attrib 'CertificateTemplate:VMware'
- In the C:\CertGenVVD-version folder, verify that the utility created the SignedByMSCACerts subfolder.
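Before importing the result into vRealize Suite Lifecycle Manager, it is worth confirming that the issued certificate matches what the configuration file requested. The following PowerShell function is an added example, not part of this procedure or of the CertGenVVD utility; the function name Test-IssuedCertificate and the CertPath parameter are assumptions, and CertPath must point at the certificate file you find under SignedByMSCACerts.

```powershell
# Added example (not part of CertGenVVD): compare an issued certificate with the
# ConfigFiles entry that requested it. Run it on the Windows host used above.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $ConfigPath,  # e.g. ConfigFiles\vrs01lcm01.txt
        [Parameter(Mandatory = $true)] [string] $CertPath,    # assumption: issued certificate file
        [int] $MinKeySize = 2048                              # keysize value from default.txt
    )
    # Parse key=value pairs under [CERT] and bare host names under [SAN].
    $section = ''; $props = @{}; $wantSans = @()
    foreach ($raw in Get-Content -LiteralPath $ConfigPath) {
        $line = $raw.Trim()
        if (-not $line) { continue }
        if ($line -match '^\[(\w+)\]$') { $section = $Matches[1].ToUpper(); continue }
        if ($section -eq 'CERT' -and $line -match '^([^=]+)=(.*)$') {
            $props[$Matches[1].Trim()] = $Matches[2].Trim()
        } elseif ($section -eq 'SAN') { $wantSans += $line }
    }

    $full = (Resolve-Path -LiteralPath $CertPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # Windows renders the SAN extension (OID 2.5.29.17) as "DNS Name=<host>" entries.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $gotSans = @()
    if ($sanExt) {
        $gotSans = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    $problems = @()
    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $props['CN']) { $problems += "subject CN '$cn' differs from config CN '$($props['CN'])'" }
    foreach ($name in $wantSans) {
        if ($gotSans -notcontains $name) { $problems += "SAN '$name' missing from certificate" }
    }
    foreach ($name in $gotSans) {
        if ($wantSans -notcontains $name) { $problems += "unexpected SAN '$name' in certificate" }
    }
    if ($cert.PublicKey.Key.KeySize -lt $MinKeySize) { $problems += "key smaller than $MinKeySize bits" }
    if ($cert.NotBefore -gt (Get-Date) -or $cert.NotAfter -lt (Get-Date)) { $problems += 'outside validity period' }
    # Verify() builds the chain against this host's trust stores, so the MSCA root must be trusted here.
    if (-not $cert.Verify()) { $problems += 'chain to a trusted root could not be built' }

    [pscustomobject]@{ Subject = $cert.Subject; Issuer = $cert.Issuer; SANs = $gotSans
                       Problems = $problems; Passed = ($problems.Count -eq 0) }
}
```

An unexpected SAN or a CN mismatch in the output means the certificate was issued for a different request than the one in vrs01lcm01.txt and should be regenerated rather than deployed.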