Update NetApp Virtual Storage Console SSL Certs with your own Windows Domain CA Certificates using PowerShell

Ahhh, it seems like replacing SSL certificates in vSphere is a neverending process. My vSphere farm was not prompting me about untrusted SSL certs until I installed the NetApp Virtual Storage Console. Using the template from my previous posts, however, I was able to quickly update VSC’s certs using a combination of the practical admin’s post and NetApp’s KB (login required).

The pratical admin post kept VSC’s keystore password encrypted, but with vSphere keystore passwords being so easily available on the Internet and NetApp’s KB suggesting to place the password on the filesystem in plain-text, I did it the easy way and kept the password (netapp) in clear text in the config file. I’ve tested this script on both VSC 4.1 and 4.2 and it worked quite well.

You can copy and paste the code below, or download the script directly here.

Note: this script uses the Windows CA default WebServer Certificate Template. It also makes backups of your original certificates.

Done!

All SSL Certificate Replacement Posts and Scripts in this Series

vSphere 4.1-5.0 SSL Generation and Replacement Post Script
vSphere 5.1 SSL Generation and Replacement Post Script
ESX Certificate Generation and Upload Post Script
NetApp Virtual Storage Console SSL Generation and Replacement Post Script
Site Recovery Manager SSL Generation and Replacement Post Script
VMware View Composer SSL Generation and Replacement Post Script
VMware Horizon View SSL Generation and Replacement Post Script

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain RealCajunRecipes.com in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in PowerShell, Security, VMware
8 comments on “Update NetApp Virtual Storage Console SSL Certs with your own Windows Domain CA Certificates using PowerShell
  1. Kris Boeckx says:

    Hi,

    Thanks for the script, it saved me a lot of time !

    I had to change single quote to double quot of ["$rootCA$rootCAName"] to [""$rootCA$rootCAName""] because our $rootCAName has a space in the name.

  2. Jonathan Weavers says:

    Hey Chrissy –

    Your last post [Update NetApp Virtual Storage Console SSL Certs with your own Windows Domain CA Certificates using PowerShell] was freaking awesome. I have gone ahead and added your stuff to my Feedly account. Please keep me updated if you post anywhere else.

    Keep rocking –

    Jon

    • Chrissy LeMaire says:

      Glad you found it useful, Jonathan! I’m actually finishing up the 7 script VMware/SSL series today. This is currently the only place that I post.

  3. Aart says:

    Thank you, very, very much for this script! It saved me lots of time!

  4. Eugene says:

    Is it possible to add the download of an intermediate certificate as well?

  5. Calvin says:

    Thanks for this it worked great. However it does not replace the SSL certificate used by smvi, e.g. if you go to the logviewer (https://<VSCServer&gt;:8043/smvi/logViewer?id=<jobid>

    Do you have a method for replacing the SSL certificate used by this also?

  6. Adam says:

    Perfect. Hopefully it still works when VSC 5 is released.

    Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

*