Use the Certificate Generation Utility for VMware Validated Design (CertGenVVD) to generate new signed certificates for the SDDC components.

Procedure

  1. Log in to the Windows host that has access to your data center.
  2. Set the execution policy to Unrestricted.
    1. Click Start, right-click Windows PowerShell, and select More > Run as Administrator.
    2. Set the execution policy by running the following command.
      Set-ExecutionPolicy Unrestricted
    3. Enter Y to confirm the execution policy change.
  3. Use the CertConfig utility to generate the certificate configuration files.
    1. Open the populated Deployment Parameters XLS file and select the CertConfig worksheet.
    2. From the File menu, select Save As…, set the file format to Comma delimited (*.csv), rename the file to SDDC-CertConfig.csv, and click Save.
    3. Rename the C:\CertGenVVD-version\ConfigFiles folder to ConfigFiles.Old.
    4. Create a new C:\CertGenVVD-version\ConfigFiles folder.
    5. In the Windows PowerShell terminal, navigate to the C:\CertGenVVD-version folder and run the following command.
      .\Certconfig-version.ps1 SDDC-Certconfig.csv
    6. Follow the on-screen instructions and set the following values.

      Setting                 Value
      Default Organization    Rainpole Inc
      Default OU              Rainpole
      Default Location        SFO
      Default State           CA
      Default Country         US
      Default Key Size        2048

    7. Verify that the C:\CertGenVVD-version\ConfigFiles folder is populated with the necessary certificate configuration files.
      • sfo01m01nsx01.txt
      • sfo01m01srm01.txt
      • sfo01m01vc01.txt
      • sfo01m01vrs01.txt
      • sfo01psc01.txt
      • sfo01vrli01.txt
      • sfo01w01nsx01.txt
      • sfo01w01vc01.txt
      • vra01svr01.txt
      • vrb01svr01.txt
      • vrops01svr01.txt
      • vrs01lcm01.txt

  4. In the Windows PowerShell terminal, navigate to the C:\CertGenVVD-version folder and validate the configuration by running the following command.
    .\CertGenVVD-version.ps1 -validate

    The local machine configuration is validated successfully.

  5. Use the CertGenVVD utility to generate the signed certificate files.
    1. In the Windows PowerShell terminal, navigate to the C:\CertGenVVD-version folder and generate the signed certificates by running the following command.
      .\CertGenVVD-version.ps1 -MSCASigned -attrib 'CertificateTemplate:VMware'
    2. Follow the on-screen instructions and enter a passphrase for PEM/P12 file encryption.

    All MSCA signed certificates are generated in the C:\CertGenVVD-version\SignedByMSCACerts folder.

  6. Rename the C:\CertGenVVD-version\SignedByMSCACerts folder to SignedByMSCACerts-sfo-jd.
  7. Copy the vra01svr01, vrb01svr01, vrops01svr01, and vrs01lcm01 folders and their content to a location that you can access during the deployment of Region B.
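
The folder checks in steps 3.7 and 7 can be scripted. The following is an added example, not part of CertGenVVD or of the original procedure; the function name Test-ExpectedItems is hypothetical, and the script assumes it is run from the CertGenVVD folder after step 6.

```powershell
# Added example, not part of CertGenVVD. Run it from the CertGenVVD folder
# (C:\CertGenVVD-version in the procedure above).
function Test-ExpectedItems {
    param(
        [Parameter(Mandatory)] [string]   $Path,      # folder to inspect
        [Parameter(Mandatory)] [string[]] $Expected,  # names that must be present
        [switch] $Directory                           # expect subfolders instead of files
    )
    $items = @()
    if (Test-Path -LiteralPath $Path -PathType Container) {
        $items = @(Get-ChildItem -LiteralPath $Path |
            Where-Object { $_.PSIsContainer -eq $Directory.IsPresent })
    }
    $names = @($items | ForEach-Object { $_.Name })
    # A zero-length file or a folder without children counts as empty.
    $empty = @($items | Where-Object {
        if ($_.PSIsContainer) { -not (Get-ChildItem -LiteralPath $_.FullName | Select-Object -First 1) }
        else { $_.Length -eq 0 }
    } | ForEach-Object { $_.Name })
    [pscustomobject]@{
        Path    = $Path
        Missing = @($Expected | Where-Object { $names -notcontains $_ })
        Extra   = @($names | Where-Object { $Expected -notcontains $_ })
        Empty   = $empty
    }
}

# Step 3.7: one configuration file per SDDC node.
$configFiles = @('sfo01m01nsx01', 'sfo01m01srm01', 'sfo01m01vc01', 'sfo01m01vrs01',
    'sfo01psc01', 'sfo01vrli01', 'sfo01w01nsx01', 'sfo01w01vc01',
    'vra01svr01', 'vrb01svr01', 'vrops01svr01', 'vrs01lcm01') | ForEach-Object { "$_.txt" }
# Step 7: folders that are copied for the Region B deployment.
$regionBFolders = 'vra01svr01', 'vrb01svr01', 'vrops01svr01', 'vrs01lcm01'

$results = @(
    Test-ExpectedItems -Path '.\ConfigFiles' -Expected $configFiles
    Test-ExpectedItems -Path '.\SignedByMSCACerts-sfo-jd' -Expected $regionBFolders -Directory
)
foreach ($r in $results) {
    $ok = -not ($r.Missing.Count -or $r.Empty.Count)
    '{0}: {1}' -f $r.Path, $(if ($ok) { 'OK' } else { 'CHECK' })
    if ($r.Missing) { '  missing: ' + ($r.Missing -join ', ') }
    if ($r.Empty)   { '  empty:   ' + ($r.Empty -join ', ') }
    if ($r.Extra)   { '  extra:   ' + ($r.Extra -join ', ') }
}
```

For ConfigFiles, an extra entry means a file that is not in the list from step 3.7; for the signed-certificate folder, the extra entries are the folders that are not copied for Region B.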