
Virtual Geek

Tales from real IT system administrators world and non-production environment

Stuffs from real IT system ADMINISTRATORS world and my LAB

Azure automation account DSC for On-Premise Virtual Machine on boarding

In my earlier series on the on-prem PowerShell DSC server, I showed how to configure a DSC (Desired State Configuration) server and its clients on Windows and Linux. Enabling WinRM is one of the main prerequisites for all DSC operations. Looking at DSC's future, Microsoft is focusing more and more on Azure DSC (Desired State Configuration). Azure adds a cloud-based management layer to DSC, and you can use it as Dev…


Getting started with Powershell Desired State Configuration (DSC) on Linux

DSC is a (DevOps) management platform in PowerShell that enables you to manage your IT and development infrastructure with configuration as code. While writing Part 1: Configure PowerShell remoting between Windows and Linux, my main motive was to configure push Desired State Configuration (DSC) on a Linux server from Windows. For DSC to work on Linux, the versions and flavors of Linux below are supported, I …


Configure PowerShell remoting between Windows and Linux

After the open-source PowerShell Core 6 for Linux became available to download, I wrote an article on it: How to Install and Use Microsoft PowerShell on Linux. This is just an addition to the same guide. A few of my Linux servers had PowerShell Core installed, along with a few PS modules for management purposes. I was looking for a remote solution to access those modules using windows p…


Powershell Generate Self-signed certificate with Self-Signed Root CA Signer

While exploring options for creating a self-signed SSL certificate using PowerShell, I came across a useful New-SelfSignedCertificate parameter, Signer. It can be used by developers for testing purposes, or I can also use it to generate fake CA-signed certificates for my lab experiments. All the commands are executed in PowerShell as administrator.

Below command generates your first self…


Enable Access to the VCSA Bash shell or Appliance Shell

Currently, the vCSA is bundled with the supported shells below: BASH Shell and Appliance Shell. The appliance shell can be used to update the VCSA using the software-packages command and has some other use cases. When you log in for the first time, it shows the appliance shell by default. Below is the method for switching the vCenter Server Appliance 6.x to the BASH Shell:

     1) Use putty any other ss…


Powershell WinRM HTTPs CA signed certificate configuration

This guide is not only about configuration; it also shows how I troubleshot a CA-signed certificate issue while configuring the WinRM listener. This is the third part of PowerShell remoting over HTTPS using self-signed SSL certificate. As a security best practice, instead of going with a self-signed certificate I am using a CA-signed certificate. The first thing I need is a CSR file; I have used below two ope…


Configure Powershell WinRM to use OpenSSL generated Self-Signed certificate

PowerShell remoting over HTTPS using self-signed SSL certificate

This is a step-by-step guide that shows how to use the HTTPS port and a self-signed SSL certificate with PowerShell Remoting. On PSRemoting I had already written one article in the past, POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS. When you use WinRM PSRemoting, it uses the default HTTP port 5985 for the connection and SSL is not used. If I try to use Enter-PSS…


How to replace default vCenter VMCA certificate with Microsoft CA signed certificate

VMCA (VMware Certificate Authority) is one of the components of the PSC (Platform Services Controller) built into vCenter Server 6.x. VMCA is a Certificate Authority and works the same as a Microsoft CA. It can issue certificates to VMware components, i.e. vCenter and ESXi servers. In my previous blog How to import default vCenter server appliance VMCA root certificate and refresh CA certifica…


How to import default vCenter server appliance VMCA root certificate and refresh CA certificate on ESXi

This is a step-by-step guide on basic VMware certificate chain installation in the infrastructure; all the steps were performed on development infra. Back from my previous project, I recently installed a new VMware vCenter appliance 6.7, and a few of my ESXi servers were already installed with self-signed certificates using Microsoft CA and the openssl tool. But I wanted to streamline everything with automated fas…



For anyone following this guide. Few Tips:

1. If it is a windows box run the command window as administrator so that you can see the errors.

If you have a two tier PKI structure like mine (RootCA and Intermediate CA) on the machine cert copy and paste the whole certs in the chain. Like this
-----BEGIN CERTIFICATE-----
*Device cert*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*Intermediate CA cert*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*Root CA cert*
-----END CERTIFICATE-----

and for the root certificate combine both intermediate and root certificate by copy paste.
-----BEGIN CERTIFICATE-----
*Intermediate CA cert*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*Root CA cert*
-----END CERTIFICATE-----

Thanks Roman - Thanks for notifying, I have updated the missing "-" in front of CertificateThumbPrint

New-Item -Path WSMan:\localhost\Listener\ -Transport HTTPS -Address * CertificateThumbPrint $serverCert.Thumbprint -Force

missing "-" before CertificateThumbPrint

Thanks iChayan, for the comment. Use and connect to your PSC to configure VMCA.

You will need to restart vCenter services at the end.

Hi

Thank you for the brilliant article, especially for this link https://blogs.vmware.com/vsphere/2018/11/external-platform-services-controller-a-thing-of-the-past.html, we are on 6.5 and we are unable to deploy NSX as we can't turn on enhanced link mode on the Dell EMC VXRail embedded vcentre and external PSC.

I have an external psc, what should I provide for this "VMCA Name: the FQDN where is located your VMCA. Usually the vCSA FQDN" vcentre or psc?

Also do I need to do anything on the psc?

Thanks in advance.
