vSphere · July 20, 2023

Simplifying CSR Generation for vSphere: A PowerShell Script Guide

Introduction: Managing the security of your vSphere environment often involves the generation of Certificate Signing Requests (CSRs) for vCenter servers and ESXi hosts. To streamline this process, we’ve developed a PowerShell script that automates the CSR generation for two vCenter servers and multiple ESXi hosts. This script uses the VMware PowerCLI module and a foreach loop over ESXi host names read from an Excel file.

Prerequisites: Before you dive into the script, ensure you have the following prerequisites in place:

  • VMware PowerCLI module installed.
  • Administrative privileges in your PowerShell environment.
  • Access to vCenter servers and ESXi hosts.
  • An Excel file containing ESXi host names.

Script Overview: Save the script below as a .ps1 file and follow the instructions to customize it according to your environment.

# [Script Content]

# Instructions on what to replace:
# 1. Variables: Replace placeholder values for $country, $state, $city, and $organization.
# 2. vCenter Server Names and Credentials: Replace placeholder values with actual details.
# 3. Excel File Path and Header Name: Update path and adjust worksheet/header names.
# 4. Paths: Modify file path where CSR files will be saved.

# Import the PowerCLI module
Import-Module VMware.PowerCLI
# Import-Excel (used below) comes from the separate ImportExcel module
Import-Module ImportExcel

# Function to generate CSR for a given vCenter or ESXi
function GenerateCSR {
    param(
        [string]$fqdn,
        [string]$type
    )

    $country = "US"                # Change to your country code
    $state = "California"          # Change to your state
    $city = "San Francisco"        # Change to your city
    $organization = "MyCompany"    # Change to your organization name

    # New-CertificateRequest is called as written in this guide; confirm with
    # Get-Command that it is available in your session before running.
    $csr = New-CertificateRequest -Subject "C= $country, ST= $state, L= $city, O= $organization, CN= $fqdn" -Type $type
    $csr | Out-File -FilePath "C:\Path\to\Save\${fqdn}_CSR.txt"
    # ${fqdn} stops the trailing colon from being parsed as part of the variable name
    Write-Host "CSR for ${fqdn}:" $csr
}

# Ignore invalid certificate warnings for vCenter connections
# (server certificates are then not validated when connecting)
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

# Connect to vCenter servers
$vCenter1 = "vcenter1.example.com"    # Replace with your vCenter server FQDN or IP
$vCenter2 = "vcenter2.example.com"    # Replace with your vCenter server FQDN or IP
# Replace with your credentials; Connect-VIServer also accepts -Credential,
# which keeps the password out of the script file
Connect-VIServer -Server $vCenter1 -User "username" -Password "password"
Connect-VIServer -Server $vCenter2 -User "username" -Password "password"

# Generate CSRs for two vCenter servers
GenerateCSR -fqdn $vCenter1 -type "SSL"
GenerateCSR -fqdn $vCenter2 -type "SSL"

# Get ESXi host names from an Excel file
$excelFile = "C:\Path\to\Excel\File.xlsx"
$esxiHosts = Import-Excel -Path $excelFile -WorksheetName "Sheet1" -HeaderName ESXiHostName

# $host is a read-only automatic variable in PowerShell, so the loop uses $esxiHost
foreach ($esxiHost in $esxiHosts) {
    $esxiHostName = $esxiHost.ESXiHostName
    GenerateCSR -fqdn $esxiHostName -type "SSL"
}

# Disconnect from vCenter servers
Disconnect-VIServer -Server $vCenter1 -Confirm:$false
Disconnect-VIServer -Server $vCenter2 -Confirm:$false

# [End of Script Content]

Customization Instructions:

  1. Variables:

    • Replace placeholder values for $country, $state, $city, and $organization with your relevant details.
  2. vCenter Server Names and Credentials:

    • Replace "vcenter1.example.com", "vcenter2.example.com", "username", and "password" with your actual vCenter server names, username, and password.
  3. Excel File Path and Header Name:

    • Replace "C:\Path\to\Excel\File.xlsx" with the path to your Excel file.
    • Adjust the worksheet and header names in the script according to your Excel file structure.
  4. Paths:

    • Modify the file path where the CSR files will be saved in the Out-File command.

Usage:

  • Run the script in a PowerShell environment with administrative privileges.
  • Ensure necessary permissions for reading the Excel file, connecting to vCenter servers, generating CSRs, and writing files to the specified directory.
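
The foreach loop in the script passes each ESXiHostName cell straight into the certificate subject and the Out-File path. The following added example (not part of the original script; the function name Get-ValidatedCsrTarget and the sample rows are hypothetical and constructed) filters the imported rows first, so that only well-formed, unique FQDNs reach GenerateCSR.

```powershell
# Added example, not part of the original script. The function name and the
# sample rows are hypothetical/constructed for illustration.
function Get-ValidatedCsrTarget {
    param(
        [Parameter(Mandatory)] [object[]]$Rows,          # rows with an ESXiHostName property
        [Parameter(Mandatory)] [string]$OutputDirectory  # folder for the CSR files
    )

    # One DNS label: letters, digits and hyphens, 1-63 characters,
    # never starting or ending with a hyphen.
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $fqdnPattern = '^{0}(\.{0})+$' -f $label
    $seen = [System.Collections.Generic.HashSet[string]]::new()

    foreach ($row in $Rows) {
        # Normalise so " ESXI01.example.com " and "esxi01.example.com" compare equal.
        $name = "$($row.ESXiHostName)".Trim().ToLowerInvariant()

        # Rejects empty cells and anything containing spaces, commas, '=' or path
        # separators, which would change the subject DN or the file location.
        if ($name.Length -gt 253 -or $name -notmatch $fqdnPattern) {
            Write-Warning "Skipping invalid host name: '$name'"
            continue
        }
        if (-not $seen.Add($name)) {
            Write-Warning "Skipping duplicate host name: '$name'"
            continue
        }

        [pscustomobject]@{
            Fqdn    = $name
            CsrPath = Join-Path $OutputDirectory "${name}_CSR.txt"
        }
    }
}

# Constructed sample input standing in for the rows Import-Excel returns.
$sampleRows = @(
    [pscustomobject]@{ ESXiHostName = 'esxi01.example.com' }
    [pscustomobject]@{ ESXiHostName = ' ESXI01.example.com ' }    # duplicate after normalising
    [pscustomobject]@{ ESXiHostName = 'esxi02.example.com, O=X' } # extra DN component
    [pscustomobject]@{ ESXiHostName = 'esxi03' }                  # short name, not an FQDN
    [pscustomobject]@{ ESXiHostName = $null }                     # empty cell
    [pscustomobject]@{ ESXiHostName = 'esxi04.example.com' }
)

Get-ValidatedCsrTarget -Rows $sampleRows -OutputDirectory 'C:\Path\to\Save'
```

Each returned object carries the normalised FQDN and the file path to write, so the loop can call GenerateCSR on the Fqdn property instead of the raw spreadsheet value.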

Conclusion: By utilizing this PowerShell script, you can significantly simplify the CSR generation process for your vSphere environment.

This automation not only saves time but also reduces the likelihood of errors during manual certificate management. Feel free to adapt the script further to meet specific requirements, and always ensure secure and efficient management of your vSphere infrastructure.