your home for end-user virtualization!

Using a Self-Signed SSL Certificate with IBM Storage Management Console for Vmware vCenter

The IBM Storage Management Console for Vmware vCenter adds a single-source of glass view into the IBM storage platform (in my case the StoreWize V7000) without leaving vCenter.

However, the default installation ships with an unsigned SSL Certificate that does not function well with IE9/vCenter. So at a minimum, you must use a self-signed SSL certificate to use it. IBM documents this problem here, but they don’t tell you how to fix it.

You will need:

  • A self-signed Certificate file in .pem format (they don’t tell you that)
  • The corresponding private key file in .pem format (they don’t tell you that)

This can be done using OpenSSL using the following commands.

Create your private key file:

openssl genrsa -des3 -out server.key 1024


Create the server CSR:

openssl req -new -key server.key -out server.csr


Create the Certificate from the CSR:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt


Convert the Certificate to DER

openssl x509 -in server.crt -out server.der -outform DER


Convert the Certificate to PEM

openssl x509 -in input.der -inform DER -out server.pem -outform PEM


Convert the Private Key to PEM:

openssl rsa -in server.key -out serverkey.pem


Then drop the server.pem and serverkey.pem files in the following folder on the vCenter server.

C:\Program Files\IBM\IBM Management Console for VMware vCenter\ssl


Then modify the following registry keys under:

  • ssl_ca_certificate_file – Contains the relative path to the certificate file.
  • ssl_private_key_file – Contains the relative path to the private key file.

From there, simply restart the IBM Management Console Service!

Tags: , , , , , , , , ,