Howto: Creating a CA template for VMware services

Having setup my lab's PKI infrastructure previously, one of the next steps I needed to complete was to create a template for certificates for VMware's products to use as they require certain properties to be present in the certificates used. There is a KB article that covers this but I wanted to run through it and use some of the specifics for my lab. Template for VMware SSL Certificates This template will provide certificates for ESXi hosts, vCenter, vRA, vRO etc. To create it, we first need the Certificate Templates Console. This can be opened by running certtmpl.msc. Per…

Read More

Howto: Configuring a homelab online subordinate CA

A quick recap of where I got to. I have an offline Root CA (well, it's still online because I'll need it in a minute) and I've created a website on my online subordinate CA server to host the Root CA certificate and CRL files. The purpose of the subordinate CA is to handle certificate signing and repudiation for all services in my infrastructure that require them. It will be granted the authority to do so by the Root CA. So this post covers the remaining steps of the process, which are: Installing and configuring the subordinate CA Signing the…

Read More

Howto: Publishing offline Root CA certs and CRLs

Previously, I setup an offline Root CA in my homelab with the intention emulating a PKI setup that many enterprises seem to run. The second stage of this process is publishing the Root CA certificate and CRL in a place that they can be accessed when the Root CA is offline. If you recall, I configured the Root CA to publish its CRL etc to a location on pki.o11n.lab. I now need to create that. The Server Rather than run my lab's online CA on a domain controller, which might be tempting but causes other issues, I have…

Read More