
Will the ESX SSL certificate affect Citrix Secure Gateway and the Cisco load balancer?

Hi Experts,

I renewed the ESX host SSL certificate yesterday at 15:00 hrs. After renewing the certificate I got "page cannot be displayed" on the web page, so I reverted to the original state and everything was working fine. On that host we have 1 Citrix Secure Gateway server and 5 Windows VMs. We have one more ESX host, which has another 2 Citrix Secure Gateway servers and 6 Windows VMs; for that ESX host we have not renewed the SSL certificate, as Aug 2010 is the expiry date. This morning at 5:00 AM we had an incident: the Secure Gateway was not accessible, and we were unable to RDP or ping from outside. Except for these 3 Secure Gateways, all the guest VMs were working fine on the ESX host. We restarted the Secure Gateway server and the ESX server, but the issue was not fixed. Finally they rebooted the Cisco load balancer, which manages load balancing for the 3 Secure Gateway servers, and the issue got fixed.

Now my question is: we have 3 Citrix Secure Gateway servers in total, and all 3 servers are connected to the Cisco load balancer. Except for these 3 servers, all the guest VMs are working fine. The network team is saying that the Cisco load balancer had the issue because of SSL. As per my understanding, "SSL certificates stored in the console are used to provide security and encryption for management sessions between the VirtualCenter Server and the COS. The same certificates are also used with clients directly connecting to ESX Servers".

Could you please help me with how I can prove this incident did not happen because of the SSL certificate renewal? Also, where exactly are the ESX logs stored, and how do I fix this certificate issue?

Replacing VirtualCenter Server Certificates
http://www.vmware.com/pdf/vi_vcserver_certificates.pdf

This should help you.

Author

Commented:
Hi Arunraju,

Actually I too have this document. My question is: how do I prove the Citrix load balancer issue was not related to the SSL certificate renewal?

Unless the Citrix Load Balancer is directly dependent on the same SSL Certificates which you have imported into vCenter, the issue can be pretty much isolated.

I am not certain how the Certificate part is affecting Virtual Machines.

Author

Commented:
The Citrix Secure Gateway VMs are connected to the network load balancer, which is physical hardware, a Cisco product. The network team is relating this issue to ESX host SSL traffic having caused the issue on the network load balancer. Are there any ESX logs, or any VMware document, to prove that ESX SSL traffic will not affect the network load balancer which is connected to the guest VMs?

AFAIK, SSL Certificates are only imported when you do not want the self-signed SSL Certificates from VMware to be used in an environment.

Your Network Team is trying to plug you into an issue, which IMHO they need to fix.

Author

Commented:
Could you please explain this to me briefly?

Sure.

When you install vCenter, it ships with what is known as Self Signed SSL Certs which are not signed by third party CAs such as VeriSign, Thawte Consulting, GoDaddy, etc.

In a secure to very secure environment, IT Security folks register with either of the Certificate Authorities mentioned above and get a valid SSL certificate which is signed by them. This would however involve a cost.

VMware recommends importing third party signed certs in a secure to very secure environment.

I hope I am able to match your expectations in explaining this.

Author

Commented:
Actually I have renewed the SSL cert on ESX. Could you please tell me how SSL will work?

Either way it's the same process.

The SSL certs would be imported to /etc/vmware/ssl directory.

Author

Commented:
Good Answer