VMware Cloud Foundation Certificate Installation PDF
Document Details
Uploaded by GreekMichigander
CMU
Summary
This document provides instructions and steps for installing certificates in VMware Cloud Foundation, focusing on integrating with Microsoft and OpenSSL CAs. The steps include automating certificate management, configuring security settings and using APIs for managing certificates. The document includes screenshots.
Full Transcript
**Installing Certificates**

**Integrating SDDC Manager with Microsoft CA and OpenSSL CA**

- These are fully automated (partnership with Microsoft)
- Requirements
  - CA Authority Web Enrollment role in AD to obtain Signed Certs
  - Configure & Issue a VMware Cert template for Machine SSL & Solution user certs on this CA server
  - Configure the webserver (IIS) security settings to use basic auth
  - Ensure that the SDDC Manager service account has the LEAST privileges

You must create the certificate service template with the proper basic authentication configuration through the IIS manager. From a high level, the process of preparing the certificate service template is as follows:

- Create and configure a Microsoft Active Directory CA with the Certificate Authority Web Enrollment role.
- Configure a VMware Certificate template for Machine SSL and Solution user certificates.
- Configure the certificate service template and all sites, including the default website, for basic authentication.

**Steps to add Microsoft CA in SDDC Mgr**

Select

- Security -> Certificate Authority
- Provide the Microsoft CA
  - Certificate Type - Microsoft CA from the dropdown
  - CA Server URL
  - User Name
  - Password
  - Template Name
- OpenSSL

OpenSSL is an open-source toolkit that is used to configure and manage TLS and SSL protocols, including certificate creation. The OpenSSL implementation in SDDC Manager is not a CA in the strict sense of the term because it does not create a certification root authority. The certificates that OpenSSL creates are self-signed certificates and do not contain a chain of trust to a root CA.
- Cert Auth Type
- Common Name
- Org Unit
- Org
- Local
- State
- Country

**Installing Certificates in SDDC Manager**

- Issued by Authority Types
  - Microsoft CA (fully automated)
    - Fully automated partner integration
  - OpenSSL CA (fully automated)
    - Integrated into VCF
  - 3rd party CAs (not fully automated)

**Steps for Supported integrated CA**

- Select the resource type whose cert you want replaced
- Click **GENERATE SIGNED CERTIFICATES**
- After it is generated, click **INSTALL CERTIFICATES**

**Steps for External CA**

- Click **GENERATE CSRS**
- Click **DOWNLOAD CSR**
- Sign the **CSR** (send to the 3rd party CA and receive it back signed)
  - Upload the CSR to the desired CA
  - Download the signed certificates from the CA
- Click **UPLOAD AND INSTALL CERTIFICATES** to supply the signed certificate files to SDDC Manager

**Managing Certificates in SDDC Manager**

- Using APIs to manage
  - Tasks allowed
    - Verify whether a CA is configured
    - Configure Microsoft and OpenSSL CAs
    - Reconfigure a CA
    - Generate a CSR
    - Generate certificates
    - Install certificates
  - Developer Center (examples and the framework)
    - API Explorer
    - API Categories, expand Certificates
- Removing Unused Certificates
  - Log into the SDDC Manager UI as a user with ADMIN role
  - Developer Center
  - API Explorer
  - Trusted Certificates
  - Expand GET /v1/sddc-manager/trusted-certificates and click EXECUTE
  - Under Response, click TrustedCertificate and copy the alias for the certificate that you want to remove
  - Expand DELETE /v1/sddc-manager/trusted-certificates/{alias}, enter the alias that you copied and click EXECUTE
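
The GET and DELETE calls from the Removing Unused Certificates steps, scripted with a guard that refuses to delete an alias the listing does not contain. This is an added example, not VMware's code or part of the original notes; the host name, the bearer-token header and the two accepted response shapes are assumptions.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://sddc-manager.example.local"      # placeholder host (assumption)
PATH = "/v1/sddc-manager/trusted-certificates"   # endpoint named in the steps above


def call(method, url, token, opener=urllib.request.urlopen):
    """Send one request and return the decoded JSON body, or None if empty."""
    req = urllib.request.Request(url, method=method, headers={
        "Authorization": f"Bearer {token}",      # bearer-token auth is an assumption
        "Accept": "application/json",
    })
    with opener(req) as resp:                    # default opener verifies TLS
        body = resp.read()
    return json.loads(body) if body else None


def aliases(payload):
    """Collect aliases from a bare list or an {"elements": [...]} wrapper (assumed shapes)."""
    items = payload.get("elements", []) if isinstance(payload, dict) else (payload or [])
    return [c["alias"] for c in items if isinstance(c, dict) and "alias" in c]


def remove_trusted_cert(alias, token, dry_run=True, opener=urllib.request.urlopen):
    """Delete `alias` only if the GET listing contains it; return the DELETE URL."""
    known = aliases(call("GET", BASE + PATH, token, opener))
    if alias not in known:
        raise LookupError(f"alias {alias!r} not in trust store; found {known}")
    url = f"{BASE}{PATH}/{urllib.parse.quote(alias, safe='')}"
    if not dry_run:
        call("DELETE", url, token, opener)
    return url
```

Run it with `dry_run=True` first and compare the returned URL with the alias copied from API Explorer before allowing the DELETE.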