vCenter Certificate Automation Tool

VMware announced a new tool on 4/4/2013 that aims to help with certificate deployments in vSphere 5.1. You can read the notes on the product below and download the vCenter Certificate Automation Tool here.

From the Installation Document:

VMware is announcing the release of the vCenter Certificate Tool 1.0. This tool will help customers update the certificates needed for running vCenter Server and supporting components. This is mostly for customers who use custom certificates either generated internally from Corporate CAs or from public CAs like VeriSign.

Various components within the vSphere and vCenter platform use certificates for identifying themselves as well as for secure communication with external software entities (browsers, API clients). These can broadly be classified into the following categories:

a) STS Certificate – Certificate used by vCenter Single Sign On (SSO) for encrypting the SAML 2.0 tokens
b) Solution User Certificates – Certificates used by each solution to identify themselves as users to SSO
c) SSL Certificates – Certificates needed for SSL communication for the UI and API layer
d) Host Certificates – These certificates are deployed in each ESXi host and used for secure vCenter to ESXi communication.

The certificate tool automates the update of certificates in the management layer only (a, b, c above). This tool does NOT handle replacement of certificates in ESXi hosts.

The vCenter Cert Tool aims to automate the process of uploading certificates and restarting the following components within the vCenter platform:

1. vCenter Server
2. vCenter Single Sign On
3. vCenter Inventory Service
4. vSphere Web Client
5. vCenter Log Browser
6. VMware Update Manager (VUM)
7. vCenter Orchestrator (VCO)