openssl.cfg for vcenter 5.0 (not 5.1)

for god sakes please use ver .9.8, if you use 1.0, the pfx wont work correctly and web services will be broke and you will be pulling your hair out.


add sans to openssl.cfg
# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName= @alt_names

req_extensions = v3_req
And in the v3_req section:

[ v3_req ]
subjectAltName = @alt_names

DNS.1 = in2vc01
DNS.2 =
IP.1 =

openssl.exe genrsa 1024 > rui.key

mine had to be 2048

openssl.exe genrsa 2048 > rui.key

openssl req -config openssl.cfg -new -key rui.key > rui.csr
openssl req -text -noout -in rui.csr
to verify

submit as 64 to cert, approve

openssl pkcs12 -export -in rui.crt -inkey rui.key -name -passout pass:testpassword -out rui.pfx

# Get the hostsystem object for every host currently disconnected.
$VMhosts = Get-View -ViewType ‘Hostsystem’ `
-Property ‘name’ `
-Filter @{"Runtime.ConnectionState"="disconnected"}

Foreach ($VMhost in $VMhosts)
# Create a reconnect spec
$HostConnectSpec = New-Object VMware.Vim.HostConnectSpec
$HostConnectSpec.hostName = $
$HostConnectSpec.userName = ‘root’
$HostConnectSpec.password = ‘password’

# Reconnect the host
$taskMoRef = $VMhost.ReconnectHost_Task($HostConnectSpec,$null)

# optional, but i like to return a task object, that way I can
# easily integrate this into a pipeline later if need be.
Get-VIObjectByVIView -MORef $taskMoRef