Upgrade to vSphere 5.5? Check the key length of your vCenter certificates

An upgrade to vSphere 5.5 is usually not a big deal if you take care of the HCLs and follow the instructions in the upgrade guide.

But if you only have performed inplace-upgrades of your vCenter since vSphere 4.0 and have never replaced your certificates, you should take care of the certificates key length.

vCenter Server 5.5 only supports SSL certificates with greater or equal to 1024 bits – you can read this in the vCenter Server 5.5 U1 Release Notes.

To check the key length, take a look at the “Details” of the rui.crt file at your vCenter Server: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt:

keylength_vCenter_certificate

If you are still using 512 bit certificates you should replace them before you perform the upgrade to vSphere 5.5! Affected include not only the vCenter certificate but also other services such as Inventory Service, Update Manager, Webclient, Log Browser and vCenter Orchestrator…

Fortunately, VMware provides a tool which simplifies this operation – and the complete procedure is well documented:

Leave a Comment

Your email address will not be published. Required fields are marked *