Category Archive: Security

Jul 15

Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate

A customer recently asked me “How do I replace the “external” SSL certificate of vCenter but still use VMCA in default mode?” Ever curious, I asked “Why?”. His security team required that any “externally” facing management web pages needed to have a custom certificate that chained up to the corporate PKI. But behind that, they were totally cool with using VMCA in default mode (with the self-generated root certificate) for things like ESXi servers and solution users.

Read the rest of this entry »

Jun 30

Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0

In this blog post we will go over the steps outlined in the VMware Knowledgebase article 2112009 for the creation Machine SSL and Solution User certificates in a Microsoft Certificate Authority (CA). The next blog on replacing the Machine SSL certificate will reference this blog.

Read the rest of this entry »

Jun 15

vSphere Hardening Guide GA now available

It’s time to release the vSphere 6.0 Hardening Guide! As I mentioned back in April, there are a lot of changes that have been made. In talking with customers and auditors in detail for the past year, the conclusion was reached that the Hardening Guide was

  1. Difficult to understand
  2. Contained a mix of
    1. Operational Guidance – How you use the product in your environment
    2. Programmatic Guidance – What settings should be applied OR audited

Basically, it was NOT easy to implement. And if security is too difficult to implement, people will either not do it or will do it poorly.

Read the rest of this entry »

Older posts «