Comments on: Replace vCSA 6.5u1 certificate by an ADCS signed certificate //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/ Wed, 31 Oct 2018 09:38:24 +0000 hourly 1 https://wordpress.org/?v=4.9.8 By: Grigori Solonovitch //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3409 Mon, 29 Oct 2018 07:36:00 +0000 //www.tech-coffee.net/?p=5750#comment-3409 It works only using this 3 files with VCSA 6.5 Update 3:

signed VCSA certificate file vcsa_issued_csr_cer
+
private VCSA key file vcsa_issued_key.key
+
concatenated intermediate + root PEM file (copy/paste in vi editor) file vcsa_issued_con.pem

]]>
By: Nahuel //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3277 Mon, 28 May 2018 18:32:59 +0000 //www.tech-coffee.net/?p=5750#comment-3277 you can download the CA certificate from https://YourCAserver/certsrv

in the Home, option “Download a CA certificate, certificate chain, or CRL” Download it in base 64 to upload it through WinSCP to the Vcenter as indicated in the instructions above.

]]>
By: Nahuel //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3276 Mon, 28 May 2018 18:29:17 +0000 //www.tech-coffee.net/?p=5750#comment-3276 From the server with IE I wasn´t able to see all the template options, after accesing from my PC with Chrome (¡?hahah) All the options were available.

(still wonder why you don´t like it!? XD)

thks 4 the tutorial my friend, It was very useful. Keep on doing such great job

]]>
By: Romain Serre //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3270 Fri, 25 May 2018 06:34:53 +0000 //www.tech-coffee.net/?p=5750#comment-3270 I don’t like the web interface. I never use it 🙂

]]>
By: Nahuel //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3269 Fri, 25 May 2018 01:50:18 +0000 //www.tech-coffee.net/?p=5750#comment-3269 done it, but it seems that you can achive the same by doing it from the web https://CAserver/certsrv

]]>
By: Romain Serre //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3268 Thu, 24 May 2018 20:22:46 +0000 //www.tech-coffee.net/?p=5750#comment-3268 Use the command certreq with -attrib option : certreq.exe -submit -attrib “CertificateTemplate:FroWebServer” certifcatesigningrequest.csr

]]>
By: Nahuel //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3267 Thu, 24 May 2018 15:43:23 +0000 //www.tech-coffee.net/?p=5750#comment-3267 The request does not contain a certificate template extension or the certificate template request attribute …. what about that error when trying to submit

]]>
By: Nahuel //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3266 Wed, 23 May 2018 20:14:26 +0000 //www.tech-coffee.net/?p=5750#comment-3266 Can you do the same with CA local? because from my AD the CA console doesn´t recognize the CSR file, just .req, .txt, .cmc .der not .csr as request file 🙁

]]>
By: Romain Serre //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3205 Sun, 11 Mar 2018 14:00:33 +0000 //www.tech-coffee.net/?p=5750#comment-3205 Hi,

I always set the FQDN for the SAN. Then if I remember well, the wizard add the short name automatically.

]]>
By: joelclyburn //www.tech-coffee.net/replace-vcsa-6-5u1-certificate-by-an-adcs-signed-certificate/#comment-3199 Fri, 09 Mar 2018 19:43:17 +0000 //www.tech-coffee.net/?p=5750#comment-3199 Does the certificate require having the short name as a SAN? i.e. vcsa.domain.local with SAN of vcsa?

]]>