Dell Management Plug-in for VMware vCenter 1.6 Technical White Paper

Irfan Azam

Dell Management Plug-in for VMware
vCenter: Custom SSL/HTTPS
Certificate using Microsoft Windows
Certification Authority

This Dell Technical white paper describes the necessary steps to
generate and consume a cus t om S SL/HTTPS certificate for the Dell
Management Plug-in using Microsoft Windows Certification Authority.

Yousaf Sajjad

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

This document is for informational purposes only and may contain typographical errors and
technical inaccuracies. The content is provided as is, without express or implied warranties of any
kind.

© 2012 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions
in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and
Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft,
Windows, and Windows Server are either trademarks or registered trademarks of Microsoft Corporation
in the United States and/or other countries. Other trademarks and trade names may be used in this
document to refer to either the entities claiming the marks and names or their products. Dell disclaims
proprietary interest in the marks and names of others.

January 2013| Rev 1.0

ii

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Contents

Introduction .............................................................................................................. 4

Audience and scope ................................................................................................... 4

Prerequisites ........................................................................................................... 4

Why use an SSL certificate? ........................................................................................... 4

Why use a custom certificate? ........................................................................................ 4

Custom certificate attributes ......................................................................................... 5

Generating a CSR using the Administration Console .............................................................. 5

Certificate signing using Microsoft Windows CA ................................................................... 8

Uploading a certificate to the virtual appliance ................................................................ 12

iii

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Introduction

The Dell Management Plug-in is a virtual appliance used to reduce tools and tasks associated with the
management and deployment of Dell servers in your virtual environment. It reduces complexity by
natively integrating the key management capabilities into the vCenter console. It minimizes risk with
hardware alarms, streamlined firmware updates and deep visibility into inventory and provides health
and warranty details.

The Dell Management Plug-in for VMware vCenter is designed to streamline the management processes
in your data center environment. It lets you use VMware vCenter to manage your entire infrastructure­both physical and virtual. From firmware updates to bare metal deployment, the Dell Management
Plug-In for VMware vCenter expands and enriches your data center management experience with Dell
PowerEdge servers.

This white paper provides all necessary information to generate and consume custom SSL/HTTPS
certificate for the Dell Management Plug-in using Microsoft Windows Certification Authority.

Audience and scope

The scope of the document is to provide a detailed procedure towards setting up a custom SSL/HTTPS
certificate for Dell Management Plug-in appliance using Microsoft Windows Certification Authority. This
white paper is intended for sale engineers, field application engineers, test engineers, architects or IT
administrators who are involved in the decision-making process for the planning, configuration, and
operation of a dynamic datacenter. This document is intended to assist you in using the Dell
Management Plug-in for managing vSphere hosts, which are Dell servers in a vCenter.

Prerequisites

You are expected to have working knowledge of networking, SSL, HTTP and digital certificates. This
document also requires the Microsoft Windows Certification Authority services running on a server
within the same/trusted network where the Dell Management Plug-in is running.

You are expected to know the steps for installing Dell Management Plug-in for VMware vCenter and
registering it to a vCenter. You can find more information on installing and registering the Dell
Management Plug-in to a vCenter in Dell Management Plug-in for VMware vCenter User’s Guide.

Why use an SSL certificate?

For secure HTTPS communication, the web server requires the SSL certificate on the Dell Management
Plug-in.

Why use a custom certificate?

Uploading a custom SSL certificate, signed by a trusted CA, establishes a trusted/secure client and
server communication within the organization. This custom certificate fixes the trusted certificate
exception in the web browser. In addition, it fixes the problem of accepting the virtual appliance
certificate while connecting to the vSphere client or browsing the virtual appliance content within
vSphere client.

4

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Custom certificate attributes

The virtual appliance supports a X.509 certificate with RSA 2048-bit key encryption standard and
requires the certificate to be in the PEM format (http://en.wikipedia.org/wiki/X.509

).

Generating a CSR using the Administration Console

Use the Administration Console to generate the certificate signing request (CSR).

1. Open the Administration Portal using https://appliance-ip-or-fqdn and on the left side of the
Administration Console, click Appliance Management.

Using the Administration Console. Figure 1.

2. Under HTTPS Certificates, click Generate Certificate Signing Request.

5

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Generating the certificate signing request. Figure 2.

3. Provide the required information and make sure that the Common Name field contains the
appliance’s FQDN/Hostname or localhost.localdomain if FQDN/Hostname is not set.

6

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Success dialog box. Figure 3.

4. Click Continue, and then click Download Certificate Signing Request.

5. Copy and/or save the text from the newly opened browser tab or window.

7

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Copy the BEGIN and END of the Certificate Request. Figure 4.

Certificate signing using Microsoft Windows CA

This section shows you how to digitally sign a CSR generated by the Administration Console using
Microsoft Windows Certification Authority. This section assumes that the certification authority server
has already been configured.

1. Open the certification authority portal page in the web browser by using

authority-address/certsrv

2. Click Request a certificate.

http://certificate-

8

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Using Microsoft Active Directory Certificate Services. Figure 5.

Click Advanced certificate request.

Requesting a certificate. Figure 6.

3. Click Submit a certificate request by using base-64-encoded CMC or PKCS #10 file… .

Advanced Certificate Request screen. Figure 7.

4. Paste the CSR text you copied in the previous procedure in the text area and submit the
request. Make sure that the BEGIN and END certificate REQUEST tags are present in the text.

9

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Pasting in the certificate request. Figure 8.

5. On the Certification Authority server, open the Certification Authority snapshot.

Opening the Certificate Authority snapshot. Figure 9.

6. Right-click the pending certificates folder and issue the certificate.

Issuing the certificate. Figure 10.

7. Open the Certification Authority portal page and go to View the status of a pending certificate
request.

10

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

8. Download the Saved-Request Certificate to the local disk.

Downloading the certificate. Figure 11.

9. To Download DER encoded certificate, click Download Certificate.

10. Convert the certificate from cert/cer format to PEM format using openssl or using the
directions from the following web sites:

• https://www.sslshopper.com/ssl-converter.html

• http://www.bo.infn.it/alice/introgrd/certmgr/node2.html

11

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Converting SLL formats. Figure 12.

Uploading a certificate to the virtual appliance

This section provides information about how to upload the certificate, which you obtained following
the instructions in the previous section, onto the virtual appliance using Administration Console.

1. Open the Administration Portal using https://appliance-ip-or-fqdn and on the left side of the
Administration Console, click Appliance Management.

2. Click Upload Certificate and browse the certificate.pem or certificate.crt file.

12

Dell Management Plug-in for VMware vCenter: Custom SSL/HTTPS Certificate using Microsoft Windows
CA

Selecting the certificate to upload. Figure 13.

3. Click Upload certificate.

4. After upload is complete, log out from Administration Console, refresh the browser page and
re-login to establish the HTTPS session using the new certificate.

13