I am using VMware vSphere 7.0.3 for this lab. Before starting the deployment, ensure there are forward and reverse DNS records created for the ESXi host that vCenter will be installed on, the vCenter Server appliance itself, and optionally any NTP servers. Ideally, there should be localized NTP.
Copy the file(s) to a system that has OpenSSL. If you are on a Windows machine, the easiest way to do this is to use Git for Windows (https://git-scm.com/download/win). Once installed, you can run Git Bash and will have access to OpenSSL. Linux and macOS will likely already have OpenSSL support in Terminal. If you are in a VMware environment, the ESXi hosts also have OpenSSL support.
Obtain the Certificate Password
It is highly likely that the .pfx file is protected by a password. This password is required for the conversion process.
Convert PKCS12 (P12) to Privacy Enhanced Mail (PEM)
PEM files may have either a cer, crt, or pem file extension. These should be interchangeable, but some vendors are very particular about the file extension. Like anything, check the applicable documentation for recommendations.
Most vendors will require three files. Commonly I see the following:
Machine certificate
Signing chain (Look at the vendor documentation for the chaining order! Some vendors require root + intermediates at the bottom and others will require the intermediates + the root at the bottom)
Private key
To get the machine certificate and signing certificates, run the following command:
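The .pfx split described above, as an added example in shell rather than the author's own command: it writes the machine certificate, signing chain and private key to separate PEM files and checks that the key matches the certificate. The output file names and the `PFX_PASSWORD` environment variable are assumptions.

```shell
# Added example; the output file names and PFX_PASSWORD variable are assumptions.
# Usage: export PFX_PASSWORD='...'; pfx_to_pem server.pfx ./out

# True only if the certificate and the private key share one public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print subject/issuer of every certificate in a bundle, top to bottom,
# to compare against the chaining order the vendor documents.
show_chain_order() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

pfx_to_pem() {
    pfx=$1; out=$2
    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 1; }
    [ -n "${PFX_PASSWORD+set}" ] || { echo "export PFX_PASSWORD first" >&2; return 1; }
    # Fail early if the file cannot be opened; env: keeps the password out of argv.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -noout 2>/dev/null ||
        { echo "cannot open $pfx (wrong password?)" >&2; return 1; }
    mkdir -p "$out" || return 1
    (
        umask 077   # the key is written unencrypted (-nodes): owner-only files
        # Machine certificate; piping through x509 drops the "Bag Attributes" text.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -clcerts -nokeys |
            openssl x509 -out "$out/machine.pem" || exit 1
        # Signing chain, in the order stored in the PFX; reorder per vendor docs.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -cacerts -nokeys |
            sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
            > "$out/chain.pem"
        # Private key.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nocerts -nodes |
            sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' \
            > "$out/private.key"
    ) || return 1
    key_matches_cert "$out/machine.pem" "$out/private.key"
}
```

Run `show_chain_order` on the final bundle before handing it to the vendor product, and delete or re-protect `private.key` once it has been imported.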
This is a prerequisite phase before configuring App Volumes Manager in the browser. In a production environment, most of this should already be in place, except for the settings specific to the newly installed App Volumes Manager. This page can be useful for more than just configuring security for App Volumes Manager.
Rather than reiterate what has already been written well elsewhere, I am just going to drop the appropriate links below and make notes where appropriate for reference.
I added the certificate in the following order: Root+Intermediate+Machine and named it adCA.pem. This file gets added to the C:\Program Files (x86)\CloudVolumes\Manager\config directory and then the App Volumes Manager service gets restarted.
Replace the Self-Signed Certificate with CA-signed Certificate
Use this article to have App Volumes Manager trust the vCenter Server certificate. I could not find this information anywhere else besides this KB.
To resolve the issue, add the vCenter CA certificate to the cacert.pem
Make sure that the cacert.pem file has the complete chain including the vCenter server certificate.
Generated the cacert.pem and placed it under the directory “C:/Program Files (x86)/CloudVolumes/Manager/config/cacert.pem”
Imported the vCenter CA cert and vCenter server cert to trusted store of the App Volume Manager.
Restarted the App Volume Manager service.
Update: I added the certificates in the following order: Root+Intermediate+Machine to cacert.pem and copied the file into the C:/Program Files (x86)/CloudVolumes/Manager/config/ directory. I then restarted the App Volumes Manager service. When configuring the Machine Managers, the certificate error is not present.