Update NetApp Virtual Storage Console SSL Certs with your own Windows Domain CA Certificates using PowerShell

Ahhh, it seems like replacing SSL certificates in vSphere is a neverending process. My vSphere farm was not prompting me about untrusted SSL certs until I installed the NetApp Virtual Storage Console. Using the template from my previous posts, however, I was able to quickly update VSC’s certs using a combination of the practical admin’s post and NetApp’s KB (login required).

The pratical admin post kept VSC’s keystore password encrypted, but with vSphere keystore passwords being so easily available on the Internet and NetApp’s KB suggesting to place the password on the filesystem in plain-text, I did it the easy way and kept the password (netapp) in clear text in the config file. I’ve tested this script on both VSC 4.1 and 4.2 and it worked quite well.

You can copy and paste the code below, or download the script directly here.

Note: this script uses the Windows CA default WebServer Certificate Template. It also makes backups of your original certificates.

Done!

All SSL Certificate Replacement Posts and Scripts in this Series

vSphere 4.1-5.0 SSL Generation and Replacement Post Script
vSphere 5.1 SSL Generation and Replacement Post Script
ESX Certificate Generation and Upload Post Script
NetApp Virtual Storage Console SSL Generation and Replacement Post Script
Site Recovery Manager SSL Generation and Replacement Post Script
VMware View Composer SSL Generation and Replacement Post Script
VMware Horizon View SSL Generation and Replacement Post Script

Chrissy is a Cloud and Datacenter Management MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, and holds a number of certifications, including those relating to SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in PowerShell, Security, VMware
8 comments on “Update NetApp Virtual Storage Console SSL Certs with your own Windows Domain CA Certificates using PowerShell
  1. Kris Boeckx says:

    Hi,

    Thanks for the script, it saved me a lot of time !

    I had to change single quote to double quot of ["$rootCA$rootCAName"] to [""$rootCA$rootCAName""] because our $rootCAName has a space in the name.

  2. Jonathan Weavers says:

    Hey Chrissy –

    Your last post [Update NetApp Virtual Storage Console SSL Certs with your own Windows Domain CA Certificates using PowerShell] was freaking awesome. I have gone ahead and added your stuff to my Feedly account. Please keep me updated if you post anywhere else.

    Keep rocking –

    Jon

    • Chrissy LeMaire says:

      Glad you found it useful, Jonathan! I’m actually finishing up the 7 script VMware/SSL series today. This is currently the only place that I post.

  3. Aart says:

    Thank you, very, very much for this script! It saved me lots of time!

  4. Eugene says:

    Is it possible to add the download of an intermediate certificate as well?

  5. Calvin says:

    Thanks for this it worked great. However it does not replace the SSL certificate used by smvi, e.g. if you go to the logviewer (https://<VSCServer&gt;:8043/smvi/logViewer?id=<jobid>

    Do you have a method for replacing the SSL certificate used by this also?

  6. Adam says:

    Perfect. Hopefully it still works when VSC 5 is released.

    Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

*