I’m trying to automate the process of creating and renewing TLS certificates for my VMware vCenter servers using Certify the Web and PowerShell. Certify the Web is a program that runs on a Windows desktop and can generate certificates from Let’s Encrypt or other providers. I want to use PowerShell to push the certificates to the vCenter servers after they are created or renewed by Certify the Web. Does anyone have any experience or tips on how to do this? Here is what I have so far:
# Parameter passed in by the Certify the Web post-request PowerShell hook.
param($result)

# Load PowerCLI; abort if the module is missing.
Try { Import-Module -Name VMware.PowerCLI -ErrorAction Stop }
Catch { Write-Host "Unable to load VMware.PowerCLI module. Run 'Install-Module -Name VMware.PowerCLI -AllowClobber -Force'" -ForegroundColor Red; Exit 1 }

# Optional one-time PowerCLI settings (uncomment as needed). Until the first Let's Encrypt
# certificate is installed, vCenter still presents its VMCA-signed certificate, so the
# connection is refused unless the action for an untrusted certificate is relaxed.
#Set-PowerCLIConfiguration -InvalidCertificateAction Warn -Scope User -Confirm:$false
#Set-PowerCLIConfiguration -ParticipateInCeip $false -Scope User -Confirm:$false

if ($result.IsSuccess) {
    # Edit Variables Below
    $FQDN = "vcenter.vmware.com" # E.G. vcenter.vmware.com
    $vCenterUsername = "username"
    # A clear-text password here is readable by anyone who can read this script; use a
    # dedicated least-privilege vCenter account for the hook, or replace these two
    # variables with a PSCredential loaded from a file saved with Export-Clixml.
    $vCenterPassword = "Your_Password"
    # Do Not Edit Below This Point

    # Connect to vCenter; stop the script if the connection fails instead of
    # continuing with no session.
    Try { $vCenterConnection = Connect-VIServer -Server $FQDN -User $vCenterUsername -Password $vCenterPassword -ErrorAction Stop }
    Catch { Write-Host "Unable to connect to $FQDN. Error: $_" -ForegroundColor Red; Exit 1 }
    $vCenterConnection

    # Read the new certificate and private key exported by Certify the Web.
    $certificatePem = Get-Content -Path "C:\CTW\FullChain\$($FQDN)\$($FQDN).pem" -Raw
    $certificatePrivKeyPem = Get-Content -Path "C:\CTW\FullChain\$($FQDN)\$($FQDN).privkey.pem" -Raw
    # The issuing CA certificate(s) still have to be pushed to vCenter's trusted root store manually.

    # Replace the vCenter machine SSL certificate. vCenter restarts its services afterwards,
    # so the PowerCLI session may be dropped from this point on.
    Try { Set-VIMachineCertificate -PemCertificate $certificatePem -PemKey $certificatePrivKeyPem -ErrorAction Stop }
    Catch { Write-Host "Failed to update vCenter certificate. Error: $_" -ForegroundColor Red }

    # Remove expired certificates from the trusted root store. -Confirm:$false is needed,
    # otherwise the cmdlet prompts and the unattended hook hangs.
    Get-VITrustedCertificate | Where-Object { $_.NotValidAfter -lt (Get-Date) } | Remove-VITrustedCertificate -Confirm:$false

    # Disconnect from vCenter (ignore errors if the restart already dropped the session).
    Disconnect-VIServer -Server $FQDN -Confirm:$false -ErrorAction SilentlyContinue
}
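As an added example (not part of the original post or of Certify the Web / PowerCLI), here are the checks I would put around the certificate swap: verify that the exported private key matches the certificate and that its SANs cover the vCenter FQDN before calling Set-VIMachineCertificate, then poll the vCenter endpoint until it serves the new thumbprint. It assumes PowerShell 7 (.NET 5+) on Windows, where DnsNameList is the SAN property PowerShell adds to X509Certificate2 objects; the host name and paths are placeholders.

```powershell
# Pre-flight check of the exported PEM pair and a post-deployment check that the
# vCenter endpoint really serves the new certificate. Assumes PowerShell 7 (.NET 5+)
# on Windows; host name and paths below are placeholders, not values from the post.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

function Test-PemPair {
    param([string]$CertPath, [string]$KeyPath, [string]$FQDN)
    # CreateFromPemFile loads the first CERTIFICATE block (the leaf in a full-chain export)
    # and throws if the private key does not match it, so a stale or mismatched export
    # is caught here instead of being pushed to vCenter.
    $cert = $x509::CreateFromPemFile($CertPath, $KeyPath)
    # DnsNameList is the SAN view PowerShell adds to X509Certificate2 objects.
    if ($cert.DnsNameList.Unicode -notcontains $FQDN) {
        throw "SANs ($($cert.DnsNameList.Unicode -join ', ')) do not cover $FQDN"
    }
    if ($cert.NotAfter -lt (Get-Date).AddDays(7)) {
        throw "Certificate expires $($cert.NotAfter); refusing to deploy it"
    }
    return $cert
}

function Get-ServedThumbprint {
    param([string]$FQDN, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($FQDN, $Port)
    try {
        # The validation callback accepts any chain on purpose: the goal is only to read
        # which leaf certificate is served and compare its thumbprint to the one deployed.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($FQDN)
        return $ssl.RemoteCertificate.GetCertHashString()   # SHA-1 thumbprint, hex
    } finally { $tcp.Close() }
}

$FQDN = 'vcenter.example.com'   # placeholder
$base = "C:\CTW\FullChain\$FQDN"
$new  = Test-PemPair -CertPath "$base\$FQDN.pem" -KeyPath "$base\$FQDN.privkey.pem" -FQDN $FQDN

# ... Set-VIMachineCertificate with the checked PEM pair goes here ...

# vCenter restarts its services after the swap; poll until the new thumbprint is served.
$deadline = (Get-Date).AddMinutes(15)
do {
    try { $served = Get-ServedThumbprint -FQDN $FQDN } catch { $served = $null }
    if ($served -ne $new.Thumbprint) { Start-Sleep -Seconds 30 }
} until ($served -eq $new.Thumbprint -or (Get-Date) -gt $deadline)
if ($served -ne $new.Thumbprint) {
    throw "vCenter still serves thumbprint '$served', expected $($new.Thumbprint)"
}
```

A non-zero exit from the throw is what Certify the Web reports as a failed deployment task, so a silent mismatch does not get lost in the log.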