\n
![\"\"](\"http:\/\/enterpriseadmins.org\/blog\/wp-content\/uploads\/2012\/07\/SRM_SSL_pair.png\" "\\"SRM_SSL_pair\\"")
<\/a><\/p>\nI spent a lot of time trying to figure out the ‘trick’ on how to create certificates that SRM would actually use. I finally found a blog post here: http:\/\/thephuck.com\/virtualization\/creating-certificates-for-vmware-srm-or-vcenter-using-openssl-made-easy-with-video\/<\/a> that pointed me in the right direction. I followed the instructions but SRM still wouldn’t use the certificate.<\/p>\n Looking at the certificate created, I noticed a couple of things were missing. Specifically, the following two settings that actually make the SRM certificate different:<\/p>\n Even though my CSR contained both of these settings, the CA did not include them in the certificate. I decided to make a copy of the ‘Web Server’ certificate template I normally use and add a ‘Client Authentication’ purpose. However, when I got to my CA, I noticed an SCCM Web Server template that already had the options I needed. <\/p>\n I followed the instructions<\/a>, but made two different changes when submitting the CSR to my CA:<\/p>\n Certificate Template: SCCM Web Server (which has a Server & Client purpose) Finally, after what felt like weeks of SSL hell, I was able to pair my sites. Many thanks to Luke @ThepHuck<\/a> for these valuable instructions. <\/p>\n","protected":false},"excerpt":{"rendered":" I recently ran into some problems with SRM and SSL certificates. My lab for this project has two vcenters — both using CA signed SSL certificates. During the SRM install I used the automatically generated certificates. When the installations were … Continue reading \r\nextendedKeyUsage = serverAuth, clientAuth\r\nsubjectAltName = DNS: fqdn.of.srm.server\r\n<\/pre>\n
\nAttributes: san:dns=host.name.of.vcenter (which adds the subject alternative names)<\/p>\n