Create SSL certificate for vCOPs

To create an SSL certificate  for vCOPs (vCenter Operations manager) use the following procedure:

On a machine with openssl installed do the following:

Create the following file in notepad and save it as c:\certs\vcops\vcops.cfg. Change the details in the subjectAltName line and the details in the last section for your site:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS: vcopsui.domain.local, DNS: vcopsui, DNS: xx.xx.xx.xx

[ req_distinguished_name ]
countryName = AU
stateOrProvinceName = NSW
localityName = North Ryde
0.organizationName = Company
organizationalUnitName = vcops
commonName = vcopsui.domain.local

Open a cmd prompt and change the directory:

CD C:\certs\vcops

Run the following command to create a certificate request file:

c:\OpenSSL-Win64\bin\openssl req -new -nodes -out rui.csr -keyout rui.key -config vcops.cfg

Use the rui.csr file to request a certificate from the your windows certificates server. Save the new file as vcops.cer.

Your folder will have a file called rui.key rename this to vcops.key.

Next a PKCS#12 key needs to be created. Use the following command. It will request an export password, remembr this password.

c:\OpenSSL-Win64\bin\openssl pkcs12 -export -in vcops.cer -inkey vcops.key -name vcops -out vcops.pfx

A new file called vcops.pfx will be created

The certificate format required for vCOPs is the PEM format so the next step is required to create a PEM format certificate file.

Use the following command to create the new certificate in PEM format. The password created earlier will be required to complete the step.

c:\OpenSSL-Win64\bin\openssl pkcs12 -in vcops.pfx -inkey vcops.key -out vcops.pem -nodes

A new file called vcops.pem will be created.

the following shows the commands used in the previous steps

Use your browser to navigate to the Admin pages of your vcops vApp. https://<vcops-ui-ipaddress>/admin/  login with the admin user.

Select the SSL TAB and then browse to the vcops.pem file created earlier. Click the install button and the new SSL certificate information should be shown. Restart the UI node to complete the operation.