Certain third-party products such as XenDesktop respect the expiration date on the vCenter SSL certificate. The vSphere Client doesn’t mind so much, nor, it appears, do the ESX hosts, but when your VDIs suddenly can’t be reached, it’s a bad thing.
By default, vCenter will create a self-signed certificate with just the host name. In our case, since we’re not publishing any SSL services to the public and already have a Microsoft Certificate Authority, we can create and sign our own vCenter certificate. And just like the newer version of vCenter, we’ll set it up for 10 years too.
This can be completed in just under 15 minutes if all the prerequisites are in place. Took me an hour (including this documentation).
Continue reading Replacing vCenter 2.5 Self-Signed Certificate with Active Directory Issued One
Linux and Windows Active Directory (AD) integration has come a long way since 2000. It is now quite easy to take advantage of Kerberos for managing authentication at the host level (user logins and such). Surprisingly, it’s just as easy to do the same in Apache now.
This posting will walk you through the steps needed to configure and test authentication against a valid AD user.
Prerequisites
It is assumed the following prerequisites are in place:
- CentOS 5.2 Server – fully updated
- Apache, Kerberos, and supporting packages installed
- Samba configured as member server (net ads join has been successfully performed)
- Windows Server 2003 R2 or 2008 SP1 with UNIX Identity Management extensions installed
- Kerberos working (kinit from an AD user properly authenticates and klist shows tickets)
Continue reading CentOS 5.2 – Apache – Kerberos / Active Directory Authentication