VMware vCenter Certificate Management Default Values

If you have ever replaced VMware vCenter server certificates you will know that there are default values for common SSL/TLS certificate attributes, for example country code and organisation name. By default VMware have their own details for these attributes as shown below –

  • Country – US
  • E-mail – [email protected]
  • Locality – Palo Alto
  • Organisational Unit Name – VMware Engineering
  • Organisation Name – VMware
  • State – California

When you work through a certificate creation process you will find these are the values suggested for your default. The system can also use these values when it self generates or creates for a service/host. Personally I’d rather have values relevant to myself presented each time I work through this or when the system is creating them for me. Let’s take a look at where these values are stored and how we can change them.

I was tempted to show these settings using the classic C# client many of us will have used for years however it really is time to move away from that so let me show you via the current Flash client and the newer HTML5 version followed by our friend PowerShell PowerCLI.

Flash Client

Having selected our vCenter object and clicked the ‘Configure’ button we need to click ‘Advanced Settings’. Entering a filter term will reduce the rather long list of Name/Value pairs to just what we want. In this case the value ‘certmgmt’ will give us just what we need.

VMware vCenter Certificate Management Default Values Flash Client View Settings

If we click the ‘Edit’ button a popup window will appear, again we need to filter the options or you can scroll down – I recommend filtering to make life easy. First we see the default options and then second I have my edited values entered, clicking ‘OK’ will commit these changes.

Edit Advanced vCenter Server Settings - Default Values

Edit Advanced vCenter Server Settings - Changed Values

 

HTML5 Client

The HTML5 interface does not yet appear to offer the ability to edit these values, it simply allows you to view them. Please note you either need to scroll through the list of Key/Value pairs or use the filter option and enter ‘certmgmt’ to display only those values we are interested in. Note that in the HTML5 client the filter option is not a text box but the traditional filter symbol.

VMware vCenter Certificate Management Default Values HTML5 Client View Settings

 

PowerShell PowerCLI

Finally let’s take a look at the settings via the VMware PowerCLI PowerShell module. There are a few ways you can do this, I’ll give you two examples below followed by the expected output from running one of these commands.

OK so we have our list of values and you can see they are currently set to the defaults. There are many ways we can change the value, again I’ll show you a couple just to give an idea of how things can be done. First off I’ll include the -Verbose and -WhatIf parameters – this won’t actually run the command it will just emulate it and give additional logging output. The second command will actually execute the change resulting in the system prompting for confirmation followed by output demonstrating the change has occurred.

 

There are plenty of ways to pipe variables through and make changes to all the settings but I don’t intend to cover that in this post, if you’re interested drop me a message or add a comment below.

1 thought on “VMware vCenter Certificate Management Default Values

Leave a Reply