VMware Access Point – Updating Certificate


Starting with View 6.2 you can deploy the VMware Access Point to access View externally.  Security servers are still available, but this appliance brings some advantages over using a security server.  You don't pair the appliance directly with a single connection server (it can be configured to use a load-balanced address), and it is a hardened Linux appliance.

VMware documentation can be found here

@cstalhood has a fantastic blog to set this up that can be found here

The following illustrates how to update the certificate.  First download OpenSSL; I will be using OpenSSL for Windows.  I will be using the same certificate I was using on the security server, which I have exported as a .pfx.  I need to convert it to a .pem file, and I also need to make sure the key is converted to RSA format.  Run the following commands; my export is called export.pfx and my new converted file will be called accesspoint.pem.  Note that -nodes writes the private key into accesspoint.pem unencrypted, so keep both output files protected.

openssl pkcs12 -in export.pfx -out accesspoint.pem -nodes

openssl rsa -in accesspoint.pem -out accesspoint.key


Open the file in Notepad++.  Notice the layout: the contents span multiple lines, and we need to convert them to a single line.  In Notepad++ choose Search – Replace.  If the EOL type is UNIX (check bottom right), find \n and replace with \\n.  Make sure Extended (\n, \r, \t, \0, \x..) is selected.  Once complete, you will see the contents laid out as one line.


To upload the certificate you need to use the REST API.  I use Postman as a Chrome extension; find it under Chrome Apps.


Open Postman and change the Authentication to Basic Auth


Enter the below address and change the command to PUT

https://access-point-ip:9443/rest/v1/config/certs/ssl

Select Body – Raw – JSON (application/json). 


Create a JSON request like the one below.  Replace string with the text from the certificate files we created previously, making sure it stays inside the quotation marks.  The string for the private key MUST be followed by a comma; the cert chain one doesn't require this.

{
  "privateKeyPem": "string",
  "certChainPem": "string"
}

Once entered select SEND


You should now see a status of 200 OK.

Now browse to https://access-point-fqdn and see if the cert has been applied successfully.  The certificate should have the external hostname
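
The flattening and JSON steps above can also be scripted instead of done by hand in Notepad++. The following Python is an added example, not part of the original post: it pulls the PEM blocks out of the two OpenSSL output files, drops the "Bag Attributes" text, and lets the JSON encoder escape the line breaks. The function names and sample data are constructed, and it assumes certChainPem should hold only the CERTIFICATE blocks, in file order.

```python
import json
import re

# One PEM block; group 1 is the label, e.g. "RSA PRIVATE KEY" or "CERTIFICATE".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed sample data (placeholder base64, not real key material).
# SAMPLE_PEM mimics 'openssl pkcs12 -nodes' output, SAMPLE_KEY 'openssl rsa' output.
SAMPLE_PEM = (
    "Bag Attributes\r\n    friendlyName: constructed sample\r\n"
    "-----BEGIN PRIVATE KEY-----\r\nQUJD\r\nREVG\r\n-----END PRIVATE KEY-----\r\n"
    "Bag Attributes\r\nsubject=CN = view.example.com\r\n"
    "-----BEGIN CERTIFICATE-----\r\nR0hJ\r\n-----END CERTIFICATE-----\r\n")
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\r\nQUJD\r\nREVG\r\n"
              "-----END RSA PRIVATE KEY-----\r\n")


def pem_blocks(text):
    """Return (label, block) pairs with LF line endings, dropping the
    'Bag Attributes' text that sits between blocks."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), "\n".join(m.group(2).split())
        blocks.append(
            (label, f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"))
    return blocks


def build_cert_body(key_text, chain_text):
    """Build the JSON body for the PUT to /rest/v1/config/certs/ssl."""
    keys = [b for lbl, b in pem_blocks(key_text) if lbl.endswith("PRIVATE KEY")]
    certs = [b for lbl, b in pem_blocks(chain_text) if lbl == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key block")
    if not keys[0].startswith("-----BEGIN RSA PRIVATE KEY-----"):
        raise ValueError("private key is not in RSA format")
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    # json.dumps writes every line break as the two characters \n and adds
    # the quoting, so the result is a single line that is valid JSON.
    return json.dumps({"privateKeyPem": keys[0], "certChainPem": "".join(certs)})


if __name__ == "__main__":
    print(build_cert_body(SAMPLE_KEY, SAMPLE_PEM))
```

For real use, pass the contents of accesspoint.key and accesspoint.pem in place of the samples and paste the printed line into the Postman body.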



2 thoughts on “VMware Access Point – Updating Certificate”

  • Mark Benson

    A simpler method is now available which is to just add these 3 lines to the PowerShell .INI file and rerun apdeploy.ps1.

    [SSLCert]
    pemCerts=accesspoint.pem
    pemPrivKey=accesspoint.key

    No need for pasting PEM format text into Notepad++, no need to replace newline characters and no need to use curl, postman or any REST API. apdeploy.ps1 takes about 2 minutes and Access Point is then production ready on first boot with all settings automatically set up.

    See https://communities.vmware.com/docs/DOC-30835

    Mark