Check out Derek Seaman’s multi-step blog post. It is the most up-to-date guide with tons of information to get you going. It also refer’s to many of the installation issues that were found in previous versions of vCenter. As I write this, the blog has already begun making notes for 5.1a instead of 5.1 GA. At this time, 5.1B is out (which I would recommend you install), but you should be able to get through the installation just fine.
And as a reference, I would recommend looking over the release notes for 5.1 There is a plethora of info you may want to know as a heads up, prior to the installation.
Here are the steps involved to change the SSL certificates from the default VMware Self-Signed certificate to one signed by either your internal CA or a public CA. This tutorial works for both the View Connection Server or Security Server services. An official KB article by VMware on this subject can be found here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2020913
In this particular guide, we cover generating an SSL certificate with an Internal CA. If we wanted to sign our server with a public CA, we could use a tool like openSSL to generate a certificate request, send the request to a public CA. Next, we would import a PFX12 file with the private and public key into the Local computer’s Personal certificates and change set Friendly Name to vdm.
Opening the Certificates Management Console
- In the Connection Server, click Start, type mmc, and click OK.
- Click File > Add/Remove Snap-in.
- Select Certificates and click Add.
- Select Computer account and click Next.
- Select Local computer and click Finish > OK.
Requesting a new certificate
- Expand Certificates and click Personal.
- Under Object Type, right-click and select All Tasks > Request New Certificate.
- Read the information on certificate enrollment and click Next.
- Click Active Directory Enrollment Policy > Next.
- Select the template for certificate enrollment and click Details > Properties.
- Ensure you choose the Windows Server 2003 certificate template option. Do NOT choose Windows Server 2008.
For information on creating a certificate template, see the Microsoft Technet article Creating Certificate Templates.
- If you notice that the service starts but you are unable to navigate to the SSL page, this is because the Windows Server template was set to Server 2008.
- Click the General tab.
- Under Friendly name, type vdm.
- Click the Private Key tab.
- Click the arrow next to Key options and select the Make private key exportable option.
- Click OK > Enroll.
- Click Finish.
- Restart the Connection Server service.Notes:
- If you use any browser other than Internet Explorer to access the View Administration console, you must add an exception for the connection to be trusted.
- It may take a few minutes for the certificate to be recognized as valid in the View Administration console.
All credit for this guide goes to VMware for this information. This post is merely for archival purposes and self-reflections on the subject.