VMware App Volumes – AD Domain – LDAPS Configuration/Certificate Renewal

19 Aug

The Enterprise Root CA certificate was coming close to expiry, and we had to replace the certificate on VMware App Volumes Manager. In this blog post, we will take a look into the following topics:

  • How to identify the Microsoft Enterprise Root CA
  • How to generate the Root Certificate *.cer
  • Convert the certificate *.cer to *.pem format for App Volumes Manager
  • Replace the certificate within the App Volumes Manager
  • Configuring the App Volumes Manager for LDAPS

How to identify the Microsoft Enterprise Root CA

On any domain-joined box where you have the Active Directory administrative tools installed, open the adsiedit.msc and change the Naming Context to Configuration partition.

Adsiedit Connection

Navigate to the below path Under Certification Authorities, and you’ll find your Enterprise Root Certificate Authority server.

CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=askaresh,DC=dir
Active Directory – Configuration Partition

How to generate the Root Certificate *.cer

Log into the Root Certification Authority server with Administrator Account. Go to Start > Run > and type Cmd, and press on Enter button. Enter the following command:

certutil -ca.cert C:\Temp\rootca_cert.cer

Convert the certificate *.cer to *.pem format for App Volumes Manager

I typically use OpenSSL to convert all my certificates. Copy the rootca_cert.cer certificate into Folder – C:\OpenSSL-Win32\bin and run the following command to convert the certificate to PEM.

openssl x509 -in root_cer.cer -out adCA.pem

Note – We want the exported name to be adCA.pem as App Volumes Manager needs that name during setup.

Replace the certificate within the App Volumes Manager

Depending upon the number of AV Managers, you will have to repeat the steps:

  • Copy the adCA.pem on each App Volumes Manager server, to the /config directory where the App Volumes Manager is installed. The default installation location for App Volumes Manager is C:\Program Files (x86)\Cloud Volumes\Manager.
  • Restart the App Volumes Manager servers.

Configuring the App Volumes Manager for LDAPS

You only need to perform these steps on one App Volumes Manager per POD as the configurations are central on a SQL Database.

  • Login to the App Volumes Manager and go to Configuration – AD Domains – Select the Domain – Edit or New depending upon your requirements
  • Enter the Domain Name, Service Account Username, Service Account Password and Select Secure LDAPS. The port number is 636.
  • Click on Update
App Volumes Manager – AD Domains

I hope you will find these steps helpful to replace or configure the VMware App Volumes Manager with LDAPS.

Thanks,
Aresh Sarkari

Reference Links

Export Root Certification Authority Certificate – Windows Server | Microsoft Docs

Find the name of Enterprise Root CA server – Windows Server | Microsoft Docs

Configure CA Certificates in App Volumes Manager (vmware.com)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: