If you choose to install self-signed certificates, you can create them using OpenSSL.


Create a text file named openssl.cnf with the configuration settings shown in the following example.


Modify all entries so they are specific to your environment. Providing the commonName is mandatory.

default_bits            = 2048
default_keyfile         = rui.key
distinguished_name      = req_distinguished_name
#Don't encrypt the key
encrypt_key             = no
prompt                  = no
string_mask             = nombstr

[ req_distinguished_name ]
countryName             = US
stateOrProvinceName     = California
localityName            = Palo Alto
0.organizationName      = VMware, Inc.
emailAddress            = ssl-certificates@vmware.com

Create the self-signed certificate (rui.key and rui.crt) by running the following command.

openssl req –nodes –new –x509 –keyout rui.key –out rui.crt –days 3650 –config openssl.cnf


This command assumes that the openssl.cnf file is in the same folder as where the certificate is generated. If the certificate is in another folder, supply the full patch with the openssl.cnf file name.


Create backups of the original, default certificate and key to a safe location, in case you have problems and must restore your system to its previous state.


Copy the newly generated self-signed certificate (rui.key and rui.crt) to the default location for vCenter Server certificates.

For Windows Server 2003, C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\

For Windows Server 2008, C:\Program Data\VMware\VMware VirtualCenter\SSL\