The Enterprise Root CA certificate was coming close to expiry, and we had to replace the certificate on VMware App Volumes Manager. In this blog post, we will look at the following topics:
- How to identify the Microsoft Enterprise Root CA
- How to generate the Root Certificate *.cer
- Convert the certificate *.cer to *.pem format for App Volumes Manager
- Replace the certificate within the App Volumes Manager
- Configuring the App Volumes Manager for LDAPS
How to identify the Microsoft Enterprise Root CA
On any domain-joined machine where you have the Active Directory administrative tools installed, open adsiedit.msc and change the Naming Context to the Configuration partition.

Navigate to the path below. Under Certification Authorities, you'll find your Enterprise Root Certificate Authority server.
CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=askaresh,DC=dir

How to generate the Root Certificate *.cer
Log in to the Root Certification Authority server with an Administrator account. Go to Start > Run, type cmd, and press Enter. Then enter the following command:
certutil -ca.cert C:\Temp\rootca_cert.cer
Convert the certificate *.cer to *.pem format for App Volumes Manager
I typically use OpenSSL to convert all my certificates. Copy the rootca_cert.cer certificate into the folder C:\OpenSSL-Win32\bin and run the following command to convert the certificate to PEM.
openssl x509 -in rootca_cert.cer -out adCA.pem
Note – We want the exported name to be adCA.pem as App Volumes Manager needs that name during setup.
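Before copying the file to the App Volumes Manager servers, it is worth confirming that adCA.pem really is the root certificate that was exported. The following PowerShell script is an added example, not part of the original post or of VMware's tooling; it uses the file paths from the steps above, and the 90-day validity threshold is an assumption to adjust. It requires PowerShell 5 or later.

```powershell
# Added example (not from the original post): sanity-check adCA.pem against the
# exported root CA certificate before copying it to the App Volumes Manager servers.
param(
    [string]$CerPath = 'C:\Temp\rootca_cert.cer',        # export path used in the post
    [string]$PemPath = 'C:\OpenSSL-Win32\bin\adCA.pem',  # output of the OpenSSL step
    [int]$MinDaysLeft = 90                               # assumed threshold, adjust to policy
)

function Get-CertFromPem {
    param([string]$Path)
    $text = Get-Content -Raw -Path $Path
    if ($text -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
        throw "$Path does not contain a PEM certificate block"
    }
    # Decode the Base64 body of the first certificate block back to DER bytes.
    $der = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
    return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
}

# The file-name constructor accepts both DER and Base64 encoded .cer files.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$pem = Get-CertFromPem -Path $PemPath
$bc  = $pem.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$daysLeft = [int]($pem.NotAfter - (Get-Date)).TotalDays

$checks = [ordered]@{
    'PEM matches exported .cer (thumbprint)' = ($pem.Thumbprint -eq $cer.Thumbprint)
    'Self-signed root (subject = issuer)'    = ($pem.Subject -eq $pem.Issuer)
    'Basic Constraints marks it as a CA'     = [bool]($bc -and $bc.CertificateAuthority)
    "Valid now, at least $MinDaysLeft days left" =
        ($pem.NotBefore -le (Get-Date) -and $daysLeft -ge $MinDaysLeft)
}

"Subject   : $($pem.Subject)"
"Thumbprint: $($pem.Thumbprint)"
"Expires   : $($pem.NotAfter.ToString('yyyy-MM-dd')) ($daysLeft days left)"
foreach ($name in $checks.Keys) {
    '{0,-42} {1}' -f $name, $(if ($checks[$name]) { 'PASS' } else { 'FAIL' })
}
# Non-zero exit code so the check can gate a deployment script.
if ($checks.Values -contains $false) { exit 1 }
```

Compare the printed thumbprint with the one shown for the CA certificate on the Root CA server itself, so that a swapped or stale file is caught before LDAPS starts trusting it.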
Replace the certificate within the App Volumes Manager
Repeat these steps on every App Volumes Manager server you have:
- Copy adCA.pem to the /config directory under the App Volumes Manager installation path on each App Volumes Manager server. The default installation location for App Volumes Manager is C:\Program Files (x86)\Cloud Volumes\Manager.
- Restart the App Volumes Manager servers.
Configuring the App Volumes Manager for LDAPS
You only need to perform these steps on one App Volumes Manager per POD, because the configuration is stored centrally in a SQL database.
- Log in to the App Volumes Manager and go to Configuration – AD Domains – select the domain – Edit or New, depending upon your requirements
- Enter the Domain Name, Service Account Username and Service Account Password, and select Secure LDAPS. The port number is 636.
- Click on Update

I hope you will find these steps helpful to replace or configure the VMware App Volumes Manager with LDAPS.
Thanks,
Aresh Sarkari