Windows ROOT CA Node Renewal on VMware Platform
This is best-practice collateral for a Windows ROOT CA server running on the VMware platform. VMware recommends taking a VMware snapshot prior to a configuration upgrade to the ROOT CA.
It's important to note that a VMware snapshot is not a replacement for a normal backup solution, as shown in the VMware KB article.
This solution is intended to proactively avoid unintended system outages on production and non-production workloads caused by an expired ROOT CA certificate on the Windows workload node.
Reference KB Article: https://kb.vmware.com/s/article/1025279
Access Operations / Pre-requisite
- Ensure access to VMware vCenter with a privileged Administrator RBAC role
- vCenter URL / IP and RDP access with an elevated-privilege RBAC role
Operational Procedures
Step 1 - Log in to the vCenter Portal
Step 2 - Select the VM workload > Right-click and select Snapshot
Step 3 - Select Take Snapshot
Step 4 - Name the VM snapshot (e.g. VM-Snapshot-HOSTNAME-DATE-MMDDYYYY)
Step 5 - Select Create - Ensure the snapshot completes at 100%
Step 6 - RDP to CA01 Node
Step 7 - In PowerShell > Type mmc
Step 8 - Add Snap-Ins > Certificate Authority
Step 9 - Right-click > ROOT CA > Select ALL TASKS
Step 10 - Select Renew CA Certificate
Tech Notes:
Removed all expired ROOT CA certificates under the Local Certificate Store on the CA01 ROOT node.
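A scripted equivalent of Steps 1 to 5 and of the expired-certificate check in the Tech Notes, added here as an example and not part of the original procedure. It assumes VMware PowerCLI is installed on the admin workstation and that the Local Certificate Store means Cert:\LocalMachine\Root; the function names and the vCenter address are hypothetical placeholders.

```powershell
# Added example, not from the original procedure.
# Assumes VMware PowerCLI on the admin workstation; server and VM names are placeholders.

function New-PreRenewalSnapshot {
    param(
        [Parameter(Mandatory)] [string]$VCenter,
        [Parameter(Mandatory)] [string]$VMName
    )
    Import-Module VMware.VimAutomation.Core -ErrorAction Stop
    Connect-VIServer -Server $VCenter -Credential (Get-Credential) -ErrorAction Stop | Out-Null
    try {
        $vm = Get-VM -Name $VMName -ErrorAction Stop
        # Naming convention from Step 4: VM-Snapshot-HOSTNAME-<date as MMDDYYYY>
        $name = 'VM-Snapshot-{0}-{1}' -f $VMName, (Get-Date -Format 'MMddyyyy')
        # Without -RunAsync the cmdlet returns only after the snapshot task has completed.
        New-Snapshot -VM $vm -Name $name -Description 'Before ROOT CA certificate renewal' -ErrorAction Stop |
            Select-Object Name, Created, PowerState, SizeGB
    }
    finally {
        Disconnect-VIServer -Server $VCenter -Confirm:$false
    }
}

function Get-RootStoreExpiry {
    # Run on the CA node. Reports every certificate in the machine Root store
    # (assumed to be the store the Tech Notes refer to) with its days remaining.
    # It only lists certificates; it removes nothing.
    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Select-Object Subject, Thumbprint, NotAfter,
            @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } },
            @{ Name = 'Expired';  Expression = { $_.NotAfter -lt $now } } |
        Sort-Object NotAfter
}

# From the admin workstation (placeholder names):
#   New-PreRenewalSnapshot -VCenter 'vcenter.example.local' -VMName 'CA01'
# On CA01, before and after Step 10:
#   Get-RootStoreExpiry | Where-Object Expired | Format-Table -AutoSize
```

Running the expiry listing before and after the renewal shows which entries are expired and confirms the renewed certificate's new NotAfter date.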
Published:
Henry Ruelan - VCAP / VCIX (DCD)
Sr. Principal Cloud Engineer