Is that ESX SSL certificate will affect citrix secure gateway and Cisco Loadbalancer
Hi Experts,
I have renewed the ESX host SSL certificate on Yestarday 15:00 hrs, after renew the certificate iam got page cannot be display on web page so i have revert back to orginal state every thing was working fine,in that we have 1 citrix secure gateway server and 5 windows Vm's are there,we have one more esx host it is having another 2 citrix secure gateway server 6 windows vs are there, for that ESX host we are not renew ssl certificate till Aug 2010 is the expired date.today morning 5:00 AM we have incident secure gateway is not accessible unable to RDP and ping from out side, except this 3 secure-gateway all the Guest Vm's are working fine on the esx host, we have restarted the secure gateway server and esx server the issue was not fixed finally they rebooted the cisco load balancer which is manage load balance 3 secure-gateway server the issue got fixed
Now my question is we have totally 3 citrix secure-gateway server all the 3 server's are connected to cisco load balancer,except this 3 server all the guest Vm's are working fine,the Network team was saying Because of SSL Cisco Load balancer got the issue.as per my understanding "SSL certificates stored in the console are used to provide security and encryption for management sessions between the VirtualCenter Server and the COS. The same certificates are also used with clients directly connecting to ESX Servers"
Could you please help me out how do i prove this incident was not happened because of SSL certificate renewal ?,and where is the exact ESX log store and how do i fix this certificate issue.
I have renewed the ESX host SSL certificate on Yestarday 15:00 hrs, after renew the certificate iam got page cannot be display on web page so i have revert back to orginal state every thing was working fine,in that we have 1 citrix secure gateway server and 5 windows Vm's are there,we have one more esx host it is having another 2 citrix secure gateway server 6 windows vs are there, for that ESX host we are not renew ssl certificate till Aug 2010 is the expired date.today morning 5:00 AM we have incident secure gateway is not accessible unable to RDP and ping from out side, except this 3 secure-gateway all the Guest Vm's are working fine on the esx host, we have restarted the secure gateway server and esx server the issue was not fixed finally they rebooted the cisco load balancer which is manage load balance 3 secure-gateway server the issue got fixed
Now my question is we have totally 3 citrix secure-gateway server all the 3 server's are connected to cisco load balancer,except this 3 server all the guest Vm's are working fine,the Network team was saying Because of SSL Cisco Load balancer got the issue.as per my understanding "SSL certificates stored in the console are used to provide security and encryption for management sessions between the VirtualCenter Server and the COS. The same certificates are also used with clients directly connecting to ESX Servers"
Could you please help me out how do i prove this incident was not happened because of SSL certificate renewal ?,and where is the exact ESX log store and how do i fix this certificate issue.
Replacing VirtualCenter Server Certificates
http://www.vmware.com/pdf/vi_vcserver_certificates.pdf
This should help you.
http://www.vmware.com/pdf/vi_vcserver_certificates.pdf
This should help you.
Hi Arunraju,
Actually i too have this document, my question is "how do i prove Citrix load balancer issue was not related with SSL certificate renewal ?
Actually i too have this document, my question is "how do i prove Citrix load balancer issue was not related with SSL certificate renewal ?
Unless the Citrix Load Balancer is directly dependent on the same SSL Certificates which you have imported into vCenter, the issue can be pretty much isolated.
I am not certain how the Certificate part is affecting Virtual Machines.
I am not certain how the Certificate part is affecting Virtual Machines.
Citrix securegateway Vm's are connected to the Network Load balancer it is the Physical Hardware of CISCO Product,Network team are relating this issue like ESX host SSL traffic was cause the issue of Network load balancer, is there any ESX logs to prove there is no relation between ESX ssl trafic will not affect network Load banancer which is connected on guest Vm's, or any VMware document.
AFAIK, SSL Certificates are only imported when you do not want the self-signed SSL Certificates from VMware to be used in an environment.
Your Network Team is trying to plug you into an issue, which IMHO they need to fix.
Your Network Team is trying to plug you into an issue, which IMHO they need to fix.
Sure.
When you install vCenter, it ships with what is known as Self Signed SSL Certs which are not signed by third party CAs such as VeriSign, Thawte Consulting, GoDaddy, etc.
In a secure to very secure environment, IT Security folks register with either of the Certificate Authorities mentioned above and get a valid SSL certificate which is signed by them. This would however involve a cost.
VMware recommends importing third party signed certs in a secure to very secure environment.
I hope I am able to match your expectations in explaining this.
When you install vCenter, it ships with what is known as Self Signed SSL Certs which are not signed by third party CAs such as VeriSign, Thawte Consulting, GoDaddy, etc.
In a secure to very secure environment, IT Security folks register with either of the Certificate Authorities mentioned above and get a valid SSL certificate which is signed by them. This would however involve a cost.
VMware recommends importing third party signed certs in a secure to very secure environment.
I hope I am able to match your expectations in explaining this.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial