A customer recently asked me “How do I replace the “external” SSL certificate of vCenter but still use VMCA in default mode?” Ever curious, I asked “Why?”. His security team required that any “externally” facing management web pages needed to have a custom certificate that chained up to the corporate PKI. But behind that, they were totally cool with using VMCA in default mode (with the self-generated root certificate) for things like ESXi servers and solution users.
Category Archive: Security
In this blog post we will go over the steps outlined in the VMware Knowledgebase article 2112009 for the creation Machine SSL and Solution User certificates in a Microsoft Certificate Authority (CA). The next blog on replacing the Machine SSL certificate will reference this blog.
It’s time to release the vSphere 6.0 Hardening Guide! As I mentioned back in April, there are a lot of changes that have been made. In talking with customers and auditors in detail for the past year, the conclusion was reached that the Hardening Guide was
- Difficult to understand
- Contained a mix of
- Operational Guidance – How you use the product in your environment
- Programmatic Guidance – What settings should be applied OR audited
Basically, it was NOT easy to implement. And if security is too difficult to implement, people will either not do it or will do it poorly.