Sometimes you would like to include SANs (Subject Alternative Names) in your certificate. SAN is a certificate extension that allows you to secure multiple domains/subdomains with just one SSL certificate.
However, the VMware tool /usr/lib/vmware-vmca/bin/certificate-manager has no option to add SANs.
The solution is to skip VMware's certificate manager when creating the CSR and generate it with openssl and a req.conf file instead.
- SSH to your vCenter server
- Create a new file named req.conf
- Paste this code:
```
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = your_country
ST = state
L = City
O = Organization
OU = OrgUnit
CN = dns_name.your.domain.com

[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = dns_name.your.domain.com
```
- Edit only (Do not change anything else!):
- If you want multiple SANs, add more DNS entries after DNS.1
```
DNS.1 = dns_name.your.domain.com
DNS.2 = dns_name2.your.domain.com
DNS.3 = dns_name3.your.domain.com
```
- Save the file – name has to be
- Run this command to generate the CSR:
openssl req -new -out request_name.csr -newkey rsa:2048 -nodes -sha256 -keyout request_name.key -config req.conf
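
Before sending the CSR to your CA, confirm that the SANs from req.conf actually ended up in the request. The script below is an added example, not part of the original article; the hostnames, DN values and function names are constructed for illustration.

```shell
# Added example. Hostnames and DN values are constructed samples.
# Write a req.conf like the one above and create the CSR with the same command.
make_demo_csr() {
    dir=$1
    cat > "$dir/req.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
O = Organization
CN = vc01.example.com
[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = vc01.example.com
DNS.2 = vc02.example.com
EOF
    # -nodes leaves the key unencrypted, so create it readable by the owner only.
    ( umask 077 && cd "$dir" && openssl req -new -out request_name.csr \
        -newkey rsa:2048 -nodes -sha256 -keyout request_name.key \
        -config req.conf 2>/dev/null )
}

# Print the DNS SANs found in a CSR, one per line (nothing if there are none).
csr_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 only if every expected name is present as a DNS SAN in the CSR.
check_csr_sans() {
    csr=$1; shift
    found=$(csr_sans "$csr"); rc=0
    for name in "$@"; do
        printf '%s\n' "$found" | grep -qxF "$name" ||
            { echo "missing SAN: $name" >&2; rc=1; }
    done
    return $rc
}

demo=$(mktemp -d)
make_demo_csr "$demo" &&
    check_csr_sans "$demo/request_name.csr" vc01.example.com vc02.example.com &&
    echo "CSR contains all expected SANs"
rm -rf "$demo"
```

On a real request, call `check_csr_sans request_name.csr` followed by every hostname you listed under [alt_names].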
To create a certificate from this CSR, read this article: https://angrysysops.com/2021/09/09/how-to-renew-certificates-for-vcenter-6-x/
If for some reason you need to convert your certificate to PEM format:
openssl x509 -in mycert.crt -out mycert.pem -outform PEM