Arun Stephens

VMware Server 2.0 - using your own SSL certificate

The default installation of VMware Server 2.0 uses a self-signed certificate for the web-based management console, VMware Infrastructure Web Access. (Notice how they copied the Microsoft fashion of naming the web based tool, like Outlook Web Access and Project Web Access.)

But you may want to use a different certificate. One that browsers in your organisation will actually recognise. I couldn’t find any information on the web, so went hunting in the config files.

The location of the certificate and key are specified in the file /etc/vmware/hostd/config.xml. The default location is /etc/vmware/ssl/.

You may want to create your own certificate authority (CA). I followed the Ubuntu Server Guide‘s instructions, but apart from file locations, those instructions will probably do for any installation of OpenSSL.

Once I had set up the new certificates, I had to reboot the machine. Restarting VMware didn’t do it, but that was probably because I didn’t restart the right service. Rebooting definitely worked.

With my new certificate, IE7 still prompts me for a client certificate to present, but pressing cancel to that box gives you a proper secure session without the ugly red security warning by the address bar. With Firefox it works fine.

I haven’t investigated the prompt for a client certificate in IE yet, but if you know and want to save me the trouble of figuring it out for myself, please post a comment!