Having set up my lab’s PKI infrastructure previously, one of the next steps I needed to complete was to create a template for certificates for VMware’s products to use, as they require certain properties to be present in the certificates used. There is a KB article that covers this but I wanted to run through it and use some of the specifics for my lab.

Template for VMware SSL Certificates

This template will provide certificates for ESXi hosts, vCenter, vRA, vRO etc. To create it, we first need the Certificate Templates Console. This can be opened by running certtmpl.msc. Per the KB article, I duplicated the “Web Server” template as a starting point. My first task was to give the template a new name and set the validity to 4 years: On the Extensions tab, although it’s possibly not required for […]
A quick recap of where I got to. I have an offline Root CA (well, it’s still online because I’ll need it in a minute) and I’ve created a website on my online subordinate CA server to host the Root CA certificate and CRL files. The purpose of the subordinate CA is to handle certificate signing and repudiation for all services in my infrastructure that require them. It will be granted the authority to do so by the Root CA. So this post covers the remaining steps of the process, which are: installing and configuring the subordinate CA; signing the subordinate CA’s certificate using the Root CA; and delegating control of the subordinate CA to someone other than Domain Admins. Some elements of this process are very similar to the process of setting up the Root CA in the first place […]
Self-signed SSL certificates are all well and good but they’re not meant to be for the real world. The trust issues they cause can be a headache on customer projects and anything that’s going into production shouldn’t be using them. For that reason, I thought it’d be better to change my homelab so that it uses a slightly more realistic PKI setup. The first phase of that is creating an offline Root CA as it’s something that a good number of customers use too.

Step 1: DNS

From a DNS perspective, my homelab is split up so that anything physical and fundamental to the lab (e.g. storage / NAS, physical hosts, switches etc.) lives in its own DNS domain (home.lab). Everything else from vCenter and AD downwards is in one or more other DNS domains and on separate VLANs […]
The Synology DS1512 has been a popular choice for many home labs in recent years. I hoped that the company’s raft of recent product updates would reach this model eventually. Well, my wish was granted as Synology have announced the DS1513+. There are a few modifications to note. The one that stands out the most at first glance is the doubling of LAN capability. The DS1513+ boasts no fewer than 4 RJ45 ports. That does seem like quite a lot. It does open up some interesting possibilities though… The full specifications for the DS1513+ can be found here.
Since we have a small but significant following of people who run home labs here on vSpecialist, I thought I’d mention a limited offer that may be of interest. If you’re not familiar with AutoLab, it’s designed to produce a nested vSphere 5.1, 5.0 or 4.1 lab environment with minimum effort. Prebuilt Open Source VMs and the shell of other VMs are used along with automation for the installation of operating systems and applications into these VMs, with the end result being a useful home lab that you can stand up from scratch in a short amount of time. Anyway, it’s possible to get an AutoLab set up and running in the cloud and BareMetalCloud actually offer it as a service. Mike Laverick has some discount codes available (use MAGICMIKE100) to the first 100 people to take up the service. Check out his post […]