Honestly I never bothered replacing the self-signed certs before, but with browsers stopping support of SHA-1 and trying to better follow the Security Hardening guide, I figured it would be a good time to start installing the proper SSL certificates.
Ideally I would like to just get a wildcard cert for internal servers since everything is on "na.domain.com". But I am not so sure that is possible with vCenter or I just don't know how to do it.
To start I am using VCSA 6.0 with an external Platform Services Controller. I was looking at this article, http://kb.vmware.com/selfservice/mi...nguage=en_US&cmd=displayKC&externalId=2112277 which goes over generating a CSR with the machine name which isn't what I am trying to accomplish. There is an option to Import custom certificates, but I want to ensure wildcard certs are supported before generating a CSR with OpenSSL and purchasing it.
I looked at a couple of other articles and noticed they mention having AD Certificate Services installed and started wondering if it is only supported using Microsoft Certificate Authority and not a third party like GeoTrust.
So the first question, are wildcard certs supported, and if so, how are they implemented? Or if they are not supported, is using a MS CA my only option or can I purchase valid certs?