Lab: Signing the NSX CSR with a Microsoft (root) CA Server
⚡
Before this can be done please complete Configuring a Microsoft Server to be a Root Certificate Authority (CA) and Use OpenSSL to generate the Certificate Signing Request (CSR) for VMware NSX (with multiple SANs)
In this lab I am working with the following software and versions:
Software | Version | Filename |
---|---|---|
Windows Server | 2019 | en_windows_server_2019_updated_feb_2020_x64_dvd_de383770.iso |
- Sign the NSX CSR with a Microsoft SA Server
The Steps
- STEP 1: Open the Microsoft Active Directory Certificate Services
- STEP 2: Sign the NSX CSR
- STEP 3: Save the signed .csr file
STEP 1» Open the Microsoft Active Directory Certificate Services
STEP 2» Sign the NSX CSR
Select “Request a certificate”.
Select “advanced certificate request”.
Copy/Paste the content of the non-signed .csr into the request field.
Make sure to select the correct Certificate Template: “VMware NSX Certificates”
Click “Submit”.
Select “Base 64 encoded” and download both the “certificate: and the “certificate chain”
STEP 3» Save the signed csr file
Download them in the same folder as the initial (not-signed) .csr file is stored.
-----BEGIN CERTIFICATE----- MIIGgzCCBWugAwIBAgITFQAAAAarDMgMgI9fKwAAAAAABjANBgkqhkiG9w0BAQsF ADBGMRMwEQYKCZImiZPyLGQBGRYDbGFiMRQwEgYKCZImiZPyLGQBGRYEc2RkYzEZ MBcGA1UEAxMQc2RkYy1TVEVQLVdJTi1DQTAeFw0yMjA4MjcxOTA4NDlaFw0yNDA4 MjYxOTA4NDlaMH0xCzAJBgNVBAYTAk5MMQswCQYDVQQIEwJaSDESMBAGA1UEBxMJ Um90dGVyZGFtMRQwEgYDVQQKEwtOU1ggQWNhZGVteTESMBAGA1UECxMJRWR1Y2F0 aW9uMSMwIQYDVQQDExpwb2QtMTIwLW5zeHQtbG0uc2RkYy5sb2NhbDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoJLyy4gLLUnUKIHDanOInr2HZled4Y d44nZRcb0Vu/KaVuhastM21q8TgkSDJwPKSILUr5+42lVUYwH42708a7DL8fKVap dbnOcHD33WTJ3xlI6kMZ2IhVtswywm1vfxIXiF1I3MvLARC1PZhui7xZSuBnXhz5 6nG6h3lGXUpOeOrKZdIxTQ8vzNcSOJzSBDCYYcQcZ+0b1yKqqUaWeLXtWNpDWCSd 2zfYOahzLYgs4Fkj/70uk5uagD+TuBwpvcj+VPrREAJfPbJrvU0PzSkRmFqubQle BIkgHmKl0sp490Z7h7jlUJLoBYHTV5tDgw825ZKn589WibDBx56wa3cCAwEAAaOC AzEwggMtMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG CCsGAQUFBwMBMIHLBgNVHREEgcMwgcCCD3BvZC0xMjAtbnN4dC1sbYIacG9kLTEy MC1uc3h0LWxtLnNkZGMubG9jYWyCEXBvZC0xMjAtbnN4dC1sbS0xghxwb2QtMTIw LW5zeHQtbG0tMS5zZGRjLmxvY2FsghFwb2QtMTIwLW5zeHQtbG0tMoIccG9kLTEy MC1uc3h0LWxtLTIuc2RkYy5sb2NhbIIRcG9kLTEyMC1uc3h0LWxtLTOCHHBvZC0x MjAtbnN4dC1sbS0zLnNkZGMubG9jYWwwHQYDVR0OBBYEFIKeek+NjY7vMcIc7k/0 zxX7RjjjMB8GA1UdIwQYMBaAFMlUQBfMs73FNY7sS9congVluUS+MIHMBgNVHR8E gcQwgcEwgb6ggbuggbiGgbVsZGFwOi8vL0NOPXNkZGMtU1RFUC1XSU4tQ0EsQ049 c3RlcC13aW4sQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNl cnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9c2RkYyxEQz1sYWI/Y2VydGlmaWNh dGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlv blBvaW50MIG/BggrBgEFBQcBAQSBsjCBrzCBrAYIKwYBBQUHMAKGgZ9sZGFwOi8v L0NOPXNkZGMtU1RFUC1XSU4tQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNl cnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9c2RkYyxEQz1s YWI/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25B dXRob3JpdHkwPAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIg5y1a4GG4zLBnzuD 17FHhsa1A2aDickhgcC1dwIBZAIBAjAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUF BwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBHni3IBJO2eEb2eppbzRDFWwh1idzevqpp BZzQ86XYPH+3hrYHDXztKR3TckKvk5a5twjzWmDE7z7YBaby566JVSZP0EsRRyB4 eAYim/R+DVVTb5VLnkodToJAqg/R5+16kOcKVm+jihmD0TWIrEomd6PYDQKTeRBT 8eXvEipc9JjimVrZkmhvAaM6xgWwpwyAxJKFX+4CDEpnivobMyXmPG9U99lOB0LZ lXipzKfkuC2h3HDpNSCn7mcEcTz1xWEp863/7KEd1inigrUBceiRKoOnYiiUMHUj 03wLzZb1i1bDQPAJmpH0ig/iPuOzmfM2kMuzyQfEuIj3H11zYcDN -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- MIIQrgYJKoZIhvcNAQcCoIIQnzCCEJsCAQExADCCBpoGCSqGSIb3DQEHAaCCBosE ggaHMIIGgzCCBWugAwIBAgITFQAAAAarDMgMgI9fKwAAAAAABjANBgkqhkiG9w0B AQsFADBGMRMwEQYKCZImiZPyLGQBGRYDbGFiMRQwEgYKCZImiZPyLGQBGRYEc2Rk YzEZMBcGA1UEAxMQc2RkYy1TVEVQLVdJTi1DQTAeFw0yMjA4MjcxOTA4NDlaFw0y NDA4MjYxOTA4NDlaMH0xCzAJBgNVBAYTAk5MMQswCQYDVQQIEwJaSDESMBAGA1UE BxMJUm90dGVyZGFtMRQwEgYDVQQKEwtOU1ggQWNhZGVteTESMBAGA1UECxMJRWR1 Y2F0aW9uMSMwIQYDVQQDExpwb2QtMTIwLW5zeHQtbG0uc2RkYy5sb2NhbDCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoJLyy4gLLUnUKIHDanOInr2HZl ed4Yd44nZRcb0Vu/KaVuhastM21q8TgkSDJwPKSILUr5+42lVUYwH42708a7DL8f KVapdbnOcHD33WTJ3xlI6kMZ2IhVtswywm1vfxIXiF1I3MvLARC1PZhui7xZSuBn Xhz56nG6h3lGXUpOeOrKZdIxTQ8vzNcSOJzSBDCYYcQcZ+0b1yKqqUaWeLXtWNpD WCSd2zfYOahzLYgs4Fkj/70uk5uagD+TuBwpvcj+VPrREAJfPbJrvU0PzSkRmFqu bQleBIkgHmKl0sp490Z7h7jlUJLoBYHTV5tDgw825ZKn589WibDBx56wa3cCAwEA AaOCAzEwggMtMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM MAoGCCsGAQUFBwMBMIHLBgNVHREEgcMwgcCCD3BvZC0xMjAtbnN4dC1sbYIacG9k LTEyMC1uc3h0LWxtLnNkZGMubG9jYWyCEXBvZC0xMjAtbnN4dC1sbS0xghxwb2Qt MTIwLW5zeHQtbG0tMS5zZGRjLmxvY2FsghFwb2QtMTIwLW5zeHQtbG0tMoIccG9k LTEyMC1uc3h0LWxtLTIuc2RkYy5sb2NhbIIRcG9kLTEyMC1uc3h0LWxtLTOCHHBv ZC0xMjAtbnN4dC1sbS0zLnNkZGMubG9jYWwwHQYDVR0OBBYEFIKeek+NjY7vMcIc 7k/0zxX7RjjjMB8GA1UdIwQYMBaAFMlUQBfMs73FNY7sS9congVluUS+MIHMBgNV HR8EgcQwgcEwgb6ggbuggbiGgbVsZGFwOi8vL0NOPXNkZGMtU1RFUC1XSU4tQ0Es Q049c3RlcC13aW4sQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9c2RkYyxEQz1sYWI/Y2VydGlm aWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1 dGlvblBvaW50MIG/BggrBgEFBQcBAQSBsjCBrzCBrAYIKwYBBQUHMAKGgZ9sZGFw Oi8vL0NOPXNkZGMtU1RFUC1XSU4tQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUy MFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9c2RkYyxE Qz1sYWI/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRp b25BdXRob3JpdHkwPAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIg5y1a4GG4zLB nzuD17FHhsa1A2aDickhgcC1dwIBZAIBAjAbBgkrBgEEAYI3FQoEDjAMMAoGCCsG AQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBHni3IBJO2eEb2eppbzRDFWwh1idze vqppBZzQ86XYPH+3hrYHDXztKR3TckKvk5a5twjzWmDE7z7YBaby566JVSZP0EsR RyB4eAYim/R+DVVTb5VLnkodToJAqg/R5+16kOcKVm+jihmD0TWIrEomd6PYDQKT eRBT8eXvEipc9JjimVrZkmhvAaM6xgWwpwyAxJKFX+4CDEpnivobMyXmPG9U99lO B0LZlXipzKfkuC2h3HDpNSCn7mcEcTz1xWEp863/7KEd1inigrUBceiRKoOnYiiU MHUj03wLzZb1i1bDQPAJmpH0ig/iPuOzmfM2kMuzyQfEuIj3H11zYcDNoIIJ8jCC BoMwggVroAMCAQICExUAAAAGqwzIDICPXysAAAAAAAYwDQYJKoZIhvcNAQELBQAw RjETMBEGCgmSJomT8ixkARkWA2xhYjEUMBIGCgmSJomT8ixkARkWBHNkZGMxGTAX BgNVBAMTEHNkZGMtU1RFUC1XSU4tQ0EwHhcNMjIwODI3MTkwODQ5WhcNMjQwODI2 MTkwODQ5WjB9MQswCQYDVQQGEwJOTDELMAkGA1UECBMCWkgxEjAQBgNVBAcTCVJv dHRlcmRhbTEUMBIGA1UEChMLTlNYIEFjYWRlbXkxEjAQBgNVBAsTCUVkdWNhdGlv bjEjMCEGA1UEAxMacG9kLTEyMC1uc3h0LWxtLnNkZGMubG9jYWwwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKCS8suICy1J1CiBw2pziJ69h2ZXneGHeO J2UXG9FbvymlboWrLTNtavE4JEgycDykiC1K+fuNpVVGMB+Nu9PGuwy/HylWqXW5 znBw991kyd8ZSOpDGdiIVbbMMsJtb38SF4hdSNzLywEQtT2Ybou8WUrgZ14c+epx uod5Rl1KTnjqymXSMU0PL8zXEjic0gQwmGHEHGftG9ciqqlGlni17VjaQ1gknds3 2Dmocy2ILOBZI/+9LpObmoA/k7gcKb3I/lT60RACXz2ya71ND80pEZharm0JXgSJ IB5ipdLKePdGe4e45VCS6AWB01ebQ4MPNuWSp+fPVomwwceesGt3AgMBAAGjggMx MIIDLTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr BgEFBQcDATCBywYDVR0RBIHDMIHAgg9wb2QtMTIwLW5zeHQtbG2CGnBvZC0xMjAt bnN4dC1sbS5zZGRjLmxvY2FsghFwb2QtMTIwLW5zeHQtbG0tMYIccG9kLTEyMC1u c3h0LWxtLTEuc2RkYy5sb2NhbIIRcG9kLTEyMC1uc3h0LWxtLTKCHHBvZC0xMjAt bnN4dC1sbS0yLnNkZGMubG9jYWyCEXBvZC0xMjAtbnN4dC1sbS0zghxwb2QtMTIw LW5zeHQtbG0tMy5zZGRjLmxvY2FsMB0GA1UdDgQWBBSCnnpPjY2O7zHCHO5P9M8V +0Y44zAfBgNVHSMEGDAWgBTJVEAXzLO9xTWO7EvXKJ4FZblEvjCBzAYDVR0fBIHE MIHBMIG+oIG7oIG4hoG1bGRhcDovLy9DTj1zZGRjLVNURVAtV0lOLUNBLENOPXN0 ZXAtd2luLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2 aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPXNkZGMsREM9bGFiP2NlcnRpZmljYXRl UmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Q b2ludDCBvwYIKwYBBQUHAQEEgbIwga8wgawGCCsGAQUFBzAChoGfbGRhcDovLy9D Tj1zZGRjLVNURVAtV0lOLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2 aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPXNkZGMsREM9bGFi P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0 aG9yaXR5MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIOctWuBhuMywZ87g9ex R4bGtQNmg4nJIYHAtXcCAWQCAQIwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcD ATANBgkqhkiG9w0BAQsFAAOCAQEAR54tyASTtnhG9nqaW80QxVsIdYnc3r6qaQWc 0POl2Dx/t4a2Bw187Skd03JCr5OWubcI81pgxO8+2AWm8ueuiVUmT9BLEUcgeHgG Ipv0fg1VU2+VS55KHU6CQKoP0eftepDnClZvo4oZg9E1iKxKJnej2A0Ck3kQU/Hl 7xIqXPSY4pla2ZJobwGjOsYFsKcMgMSShV/uAgxKZ4r6GzMl5jxvVPfZTgdC2ZV4 qcyn5Lgtodxw6TUgp+5nBHE89cVhKfOt/+yhHdYp4oK1AXHokSqDp2IolDB1I9N8 C82W9YtWw0DwCZqR9IoP4j7js5nzNpDLs8kHxLiI9x9dc2HAzTCCA2cwggJPoAMC AQICEHf5Y6zMTNinRH5dfEntOQ4wDQYJKoZIhvcNAQELBQAwRjETMBEGCgmSJomT 8ixkARkWA2xhYjEUMBIGCgmSJomT8ixkARkWBHNkZGMxGTAXBgNVBAMTEHNkZGMt U1RFUC1XSU4tQ0EwHhcNMjIwODI2MTUyMzU1WhcNMjcwODI2MTUzMzU0WjBGMRMw EQYKCZImiZPyLGQBGRYDbGFiMRQwEgYKCZImiZPyLGQBGRYEc2RkYzEZMBcGA1UE AxMQc2RkYy1TVEVQLVdJTi1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJQQb1C5T7lxEkxvq33pJu0wKSqqfkq9q1YE/OGIvHWcm3BNP0PHsLiWaep 94bVIcHveDxCyjDLyeoynWS+re4CrZBoHadbuTjEKYPgujZPaMObLcX7U4fO2Pms 1LAb7/vRJ7Yvf98nGldOTaglCocMqaAL8A/1aeTfh+a/rkijsJJLmo9LEaRdXicq dUUTPYJQeRcfP3zwObMPeR5fzpKrYr6JcKdzrPITWvXmtcW1GeQlWfnr7NRUU40e +VvTJkRbhqx4Cpi4/vmMoX1GsxJDCQI0giNh+2bld1xLAAPaEfiLTDuI+Zbk98pn PKhLO7kuB5bzhKXLbA9wgJAbZUkCAwEAAaNRME8wCwYDVR0PBAQDAgGGMA8GA1Ud EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMlUQBfMs73FNY7sS9congVluUS+MBAGCSsG AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBCwUAA4IBAQACdkP3qYs51tAURM3z5yuY Qig8JzWDLd2haEcCbZSEkX1o5Yu6MtyNFTCGrqLemw9a+kNgGwzWU3MXvASQ35Tx c7vrCJWIYic6uxdnVGGiafLOb25Kui6X5/QRajn7DiI/OzplT4vtqf5/nKaJk68u BJj6BrVR3OfyWVawWNCXFJhGSmK+h4KsyL4BdSe5i6tS55WFPoZnZgRKYLmXrPbv IVj/bh1l67yMxEOpdIrXvJDEeE6Vs7GJXUUlB0BNoG9Y8y4Q9+B681jaGq0wOByz DeKEk/TSDVSN4ZxY+SeRo7woZWcdN46CbWAe+ui+CV79A4JHp9GJro++PoWW+DMl MQA= -----END CERTIFICATE-----
Continue with >> Lab: Replacing the self-signed SSL certificates with CA-signed certificates