Solved

Configure and Replace the SSL Certificate's on esxi 5.1

Posted on 2014-03-11
7
538 Views
Last Modified: 2014-03-18
i followed both of these tutorials but whenever the ssl cert is replaced the management interface will not start because vpxa fails to start, any thoughts?  not sure why i am seeing this odd behavior.  I am using the free version hypervisor, not sure if that makes a different or not. appreciate any help on this.

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2015499

http://www.experts-exchange.com/Software/VMWare/A_12699-HOW-TO-Configure-and-Replace-the-SSL-Certificate-on-a-VMware-vSphere-Hypervisor-5-1-ESXi-5-1-Host-Server.html
0
Comment
Question by:Kylo Ren
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920369
What does the /var/log/vpxa.log  tell you ... Any errors?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920397
these are the two errors i have right now

2014-03-10T02:57:34.860Z [FFDAA6D0 error 'Default'] Failed to initialize the SSL context: Crypto Exception: error:0906D066:PEM routines:PEM_read_bio:bad end line

2014-03-10T02:57:34.884Z [FFDAA6D0 error 'commonvpxCertificate'] [VpxdCertificate] Failed: unrecognized file format: /etc/vmware/ssl/rui.crt
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920421
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920473
yes restarting the management agents creates a new certificate and then i can log right in. the certificates did have extra characters in them that needed to be removed but for some odd reason i still get the vpxa startup errors.

i noticed that the new certificate has critical flags set for key usage and basic contstraints, not sure if that matters. also see ca options etc....
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920513
So it works but you still get errors? Or am I not understanding correctly?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920663
if i restore the original cert then it works fine but when i install cert from a ca thats when vpxa fails to start
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39922703
Hmmm... The only thing that springs to mind at the moment is if the CA is in the trusted root certification authority ...

This document might help you pinpoint the issue? https://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf

Or this specific article regarding the use of CA's and links to possible other sources: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034833
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question