Generate Certificates with VMware CertGen utility

VMware certgen utility is a command line utility what you can use to create certificate requests to sign by your Microsoft Certificate Authority (not just and only). This utility was written in powershell, and require openssl to operate.

This utility has more features than I describe below, but we will use it only to generate certificate requests to sign by third party authority like company’s MSCA.

  1. Make sure openssl is installed and added to the general windows path. (Guides at the bottom)
  2. Edit the default config file with your Company’s details. This file provides default values when generating every single certificate requests.
    1. Navigate to the certgenvvd_home_dir\CertGenVVD-3.0.4 folder.
    2. Enter the required details into default.txt according to your company
      • ORG= Organization’s name
      • OU= Organization Unit
      • LOC= Location
      • ST= State
      • CC= Country Code
      • CN= Common Name
      • keysize=2048
  3. Create a request file for your application to certgenvvd_home_dir\CertGenVVD-3.0.4\ConfigFiles folder. Values in SAN field can be unique, based on the application’s requirement.
  4. Use the CertGenVVD utility to create certificate requests to a third-party CA
    1. Open a Windows PowerShell prompt as an administrator and navigate to the certgenvvd_home_dir\CertGenVVD-3.0.4 folder.
    2. Run the command for generating certificates for the SDDC management components in VMware Validated Design according to the version of the CertGenVVD utility..
      #certgenvvd_home_dir\CertGenVVD-3.0.4\CertGenVVD-3.0.4.ps1 -CSR
    1. Locate the CSR files in the certgenvvd_home_dir\CertGenVVD-3.0.4\CSRCerts folder and send it to the third-party CA to get signed certificates. The CA will send you signed .cer files for each CSR and the Root certificate
  5. Upload the CSR file to your Microsoft certificate request site.
    1. Request a certificate
    2. Submit a certificate request
    3. Copy the content of the request to the request field (check for unwanted spaces)
  6. Download the certificate
  7. Optionally you can create a PEM file to import certificate using file import option in vRSLCM, or you can copy paste certificate in respective field. PEM file format should be as below:
  • Private Key
  • Domain Certificate
  • Intermediate Certificate
  • Root Certificate

You can provide the above information to vRSLCM with assemble a PEM file that includes all of the above in order.

Downloads and guides:
Certgen utility : link
Openssl for windows: link
How to set path in windows: link