I’ve had to create a bunch of SSL certificates for ESX\/ESXi hosts. Its always a pain because there are a bunch of steps and I can’t remember what my company always uses for the Organization name\/Organizational unit name. I created some documentation on the process and have to look at it every time I create a certificate. It works okay, but who wants to read documentation when you can lean on a simple batch file…like this one? You just need to specify the name of the batch file and the host name of your ESX\/ESXi host from a command prompt:<\/p>\n
\r\n@echo off\r\nREM ======================================================================\r\nREM == Script to generate SSL Certificate for ESX\/ESXi host ==\r\nREM == Usage: esx_ssl.bat esxhostname.domain.name ==\r\nREM == Note: On Windows 7 this script must be ran from an ==\r\nREM == elevated\/administrator command prompt. ==\r\nREM ======================================================================\r\n\r\nset pathToOpenSSLbin=C:\\OpenSSL\\bin\r\nset pathTovCLIbin=C:\\Program Files\\VMware\\VMware vSphere CLI\\bin\r\necho The specified ESX\/ESXi host: %1\r\n\r\nREM Generate the SSL\r\n\"%pathToOpenSSLbin%\\openssl.exe\" genrsa 1024 > \"%pathToOpenSSLbin%\\%1.key\"\r\n\"%pathToOpenSSLbin%\\openssl.exe\" req -new -key \"%pathToOpenSSLbin%\\%1.key\" -subj \"\/CN=%1\/OU=Department Name\/O=Company Name\/L=CityName\/ST=State\/C=US\/emailAddress=user@domain.name\" > \"%pathToOpenSSLbin%\\rui.csr\"\r\n\r\nREM Open the Certificate Signing Request in wordpad\r\n\"%ProgramFiles%\\Windows NT\\Accessories\\wordpad.exe\" \"%pathToOpenSSLbin%\\rui.csr\"\r\n\r\nREM The CSR contents must be manually copied to the internal cert server\r\necho\r\necho ======================================================================\r\necho The following steps must be manually completed\r\necho 1.) Select the contents of rui.csr and copy them to the clipboard\r\necho 2.) Open the certificate server site (https:\/\/internal-ca.domain.name\/certsrv)\r\necho 3.) Select \"Request a certificate\"\r\necho 4.) Select \"Advanced certificate Request\"\r\necho 5.) Paste the contents of rui.csr into the saved request box\r\necho 6.) Select \"Web Server\" in the certificate template drop down\r\necho 7.) Save the Base 64 version of the certificate in the following path:\r\necho %pathToOpenSSLbin%\\certnew.csr\r\necho ======================================================================\r\npause\r\n\r\n\"%pathToOpenSSLbin%\\openssl.exe\" x509 \u2013in certnew.cer \u2013out %1.cer\r\n\r\nset \/p hostpass=Please enter the root password for %1 :\r\n\r\n\"%pathTovCLIbin%\\vifs.pl\" --server %1 --put \"%pathToOpenSSLbin%\\%1.key\" \/host\/ssl_key --username root --password %hostpass%\r\n\"%pathTovCLIbin%\\vifs.pl\" --server %1 --put \"%pathToOpenSSLbin%\\%1.cer\" \/host\/ssl_cert --username root --password %hostpass%\r\n\r\nREM Create a backup copy in case you need this SSL certificate again:\r\ncopy \"%pathToOpenSSLbin%\\%1.key\" \"\\\\vcenter\\SSL_Certificates$\\%1.key\" \/y\r\ncopy \"%pathToOpenSSLbin%\\%1.cer\" \"\\\\vcenter\\SSL_Certificates$\\%1.cer\" \/y\r\n\r\necho Please reboot the host %1 and verify the SSL certificate.\r\npause\r\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"I’ve had to create a bunch of SSL certificates for ESX\/ESXi hosts. Its always a pain because there are a bunch of steps and I can’t remember what my company always uses for the Organization name\/Organizational unit name. I created … Continue reading