Jase's Place

Well, I've confirmed on my test system, that a Go Daddy wildcard certificate will work on a VI3 (VirtualCenter 2.5 & ESX 3.5) system.

Let's say you already have a wildcard certificate in place on an IIS web server, and you'd like to use it in your VI3 environment.

First you'll need to export the cert from your IIS box, using the Certificates snap in.

Right click, then All Tasks, then Export, and Next on the first screen

Select "Yes, export the private key

"Personal Information Exchange - PKCS #12 (.PFX)" should be selected
And "Include all certificates in the certification path if possible" should be checked.

Enter your password here

Enter a filename for the exported cert. I called it wildcard.pfx

Click finish.

Now you'll need to use OpenSSL to convert the file you just generated.

I ran the openssl.exe from the path on my test system (C:\openssl\bin)

C:\openssl\bin\openssl.exe pkcs12 -in wildcard.pfx -out wildcard.txt -nodes. You will be asked for the password you entered when you were exporting the pfx.

Now open the wildcard.txt with Wordpad (notepad won't work). I use Win32Pad instead.

Grab the portion with the following:
-----BEGIN RSA PRIVATE KEY-----
(Block of Random Text)
-----END RSA PRIVATE KEY-----
And save this (notepad is fine for this) as rui.key

Grab the portion with the following:
-----BEGIN CERTIFICATE-----
(Block of Random Text)
-----END CERTIFICATE-----

And save this (notepad is fine for this) as rui.crt

Make sure you make a backup of the existing keys, in the case that something goes wrong with this process. They are located in the c:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL folder.

Now, rename the wildcard.pfx to rui.pfx. Copy rui.pfx, rui.crt, and rui.key files, to the above folder.

You'll then need to reinitialize the vpxd password. Run "vpxd.exe -p" again from a Dos box in the following folder:
c:\Program Files\VMware\Infrastructure\VirtualCenter Server

Then restart your VirtualCenter service.

You should then be able to log into your VirtualCenter server using a wildcard certificate.

Additionally, you can upload the rui.crt and rui.key files to your ESX host (using WinSCP) to the /etc/vmware/ssl/ path. Make sure you back these up too.

I then restarted my ESX 3.5 system, and it started to use the wildcard certificate as well.


As always, If you wish to use this method that I have seen success with, feel free to.
By using the methods I have described, you agree that I will not be held liable for any issues in your environment.

Enjoy.

Labels: VMware

I'm sure this has been around, but I just found it.


I enjoy watching 24, as well as any comparison of today's technology to yesterday's technology.


Watch the "Pilot" for 24, if it were pitched to the networks in 1994.

http://www.collegehumor.com/video:1788161

Labels: Comedy

Well I was looking at this blog post:
http://www.ntpro.nl/blog/archives/325-The-ultimate-ESX-3.5-white-box.html

And I thought... We've got one of those lying around.

So I figured I'd give it a try.

I added a supported nic, and was on my way. Then I realized that my D530 only had an IDE drive in it.

I installed ESX 3.5, and sure enough it griped because it didn't have any storage. On a positive note, the onboard nic was recognized by ESX. So I didn't even need to add a "supported" nic.

Well I didn't have any SATA drives or non-supported SATA RAID controllers.

So I looked at this VMTN forum post:
http://communities.vmware.com/thread/47225

To address some storage, without wanting to setup another box on the network, I followed the instructions from the PDF located in the thread: http://www.vmug.nl/downloads/VMWare_NFS_en_iSCSI.pdf

Thanks to Reinout Wijnveen for the instructions.

Despite the fact that I don't know Dutch, I was able to mull my way through the document. Sure enough, success!

Now I've got a "free" ESX test box. Keep in mind it isn't the fastest (with a 3.0 GHz P4, and 1GB of RAM), but I can "play" without having to touch our test or production environments.

Have you ever wanted to put the "truth" in a Shutdown Event Tracker comment box?


I've had to deal with my fair share of terrible applications/services, that the "Business Unit" has decided to use, but were less than, shall I say "Stellar".

I figured I'd post this, as I thought it was funny to see what it looked like when I followed the spirit of George Washington, in the fact that "I cannot tell a lie."

Thanks,
Jase

Labels: Windows

Well, it may not be supported, but ESX 3.5 does install on an IBM x440.

This isn't the first time VMware ESX has not been certified on an IBM x440.

When ESX 3.0.0 came out, there was a small outcry on the VMTN forums (by those of us that have them) about these boxes being supported, as they were close to End-Of-Life, but still represented significant investments.

I spoke with my VMware SE many times about it needing to be supported. He said that it "Should" run on it, despite the fact that it wasn't officially supported.

Several months after the initial uproar, VMware certified ESX 3.0.0 to run on an IBM x440.

Well here we are again, 3.5 just came out on 12/10/07, and yet again, the x440 was left off the hardware compatibility list.

A coworker bought a quad proc (1.4GHz Xeon) x440, for personal use, and we fired it up.

Low and behold, ESX 3.5 does install, and the VMkernel loads.

Even though the HCL recommends a minimum 1.5GHz cpu speed, the installation didn't seem to care that this box was a wee 100MHz shy of the minimum recommended cpu requirements.

He hasn't loaded any VM's on it yet, as it was late in the day, and we didn't get around to it. From initial indications, it looks like ESX 3.5 may just run on an IBM x440.

I'll post more when I get more info, as to how well this runs...

Labels: VMware