New vRO and PowerCLI Automation Training

A lot of the projects that I work on have an element of automation to them and I’ve been asked a few times by customers if there is a training course available that will help them get started in understanding vRO and VMware’s PowerCLI cmdlets and how they can be used. Whilst there have been courses available in the past, there is a new one that reads a bit like “Doing my job 101”. It goes by the catchy title of “Data Center Automation with vRealize Orchestrator and vSphere PowerCLI“. Looking at the outline, the important stuff is there. Understanding, using and navigating the vSphere API (useful for both PowerCLI and vRO). PowerCLI basics and more advanced uses. vRO Basics and workflow creation / design. So, if you’re looking to get started with vRO or PowerCLI and use one or […]

Read More

vRA 7 / vRO 7 REST error (java.security.cert.CertificateException)

Whilst I was with a customer recently, I hit an SSL related issue whilst trying to put together a vRO workflow to orchestrate the creation of a load-balancer configuration on a Citrix Netscaler VPX. Adding the REST host(s) to vRO was accomplished without any issue, but when I came to use them my workflow failed with the following error:

As this vRO instance was running on a vRA appliance, my first port of call was starting the vRO Control Center service and make sure that the REST host certificates had indeed been imported in to vRO and were trusted.¬†They were. Looking at the certificates themselves (as I had blindly accepted them up until that point) I noticed that they were self-signed and the cause of the error became clearer. Some software solutions generate fairly weak SSL certificates by default to […]

Read More

Howto: Creating a CA template for VMware services

Having setup my lab’s PKI infrastructure previously, one of the next steps I needed to complete was to create a template for certificates for VMware’s products to use as they require certain properties to be present in the certificates used. There is a KB article that covers this but I wanted to run through it and use some of the specifics for my lab. Template for VMware SSL Certificates This template will provide certificates for ESXi hosts, vCenter, vRA, vRO etc. To create it, we first need the Certificate Templates Console. This can be opened by running certtmpl.msc. Per the KB article, I duplicated the “Web Server” template as a starting point. My first task was to give the template a new name and set the validity to 4 years: On the Extensions tab, although it’s possibly not required for […]

Read More

Howto: Configuring a homelab online subordinate CA

A quick recap of where I got to. I have an offline Root CA (well, it’s still online because I’ll need it in a minute) and I’ve created a website on my online subordinate CA server to host the Root CA certificate and CRL files. The purpose of the subordinate CA is to handle certificate signing and repudiation for all services in my infrastructure that require them. It will be granted the authority to do so by the Root CA. So this post covers the remaining steps of the process, which are: Installing and configuring the subordinate CA Signing the subordinate CA’s certificate using the Root CA Delegating control of the subordinate CA to someone other than Domain Admins Some elements of this process are very similar to the process of setting up the Root CA in the first place […]

Read More