?
Solved

Configure and Replace the SSL Certificate's on esxi 5.1

Posted on 2014-03-11
7
Medium Priority
?
587 Views
Last Modified: 2014-03-18
i followed both of these tutorials but whenever the ssl cert is replaced the management interface will not start because vpxa fails to start, any thoughts?  not sure why i am seeing this odd behavior.  I am using the free version hypervisor, not sure if that makes a different or not. appreciate any help on this.

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2015499

http://www.experts-exchange.com/Software/VMWare/A_12699-HOW-TO-Configure-and-Replace-the-SSL-Certificate-on-a-VMware-vSphere-Hypervisor-5-1-ESXi-5-1-Host-Server.html
0
Comment
Question by:Kylo Ren
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920369
What does the /var/log/vpxa.log  tell you ... Any errors?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920397
these are the two errors i have right now

2014-03-10T02:57:34.860Z [FFDAA6D0 error 'Default'] Failed to initialize the SSL context: Crypto Exception: error:0906D066:PEM routines:PEM_read_bio:bad end line

2014-03-10T02:57:34.884Z [FFDAA6D0 error 'commonvpxCertificate'] [VpxdCertificate] Failed: unrecognized file format: /etc/vmware/ssl/rui.crt
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920473
yes restarting the management agents creates a new certificate and then i can log right in. the certificates did have extra characters in them that needed to be removed but for some odd reason i still get the vpxa startup errors.

i noticed that the new certificate has critical flags set for key usage and basic contstraints, not sure if that matters. also see ca options etc....
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920513
So it works but you still get errors? Or am I not understanding correctly?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920663
if i restore the original cert then it works fine but when i install cert from a ca thats when vpxa fails to start
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 2000 total points
ID: 39922703
Hmmm... The only thing that springs to mind at the moment is if the CA is in the trusted root certification authority ...

This document might help you pinpoint the issue? https://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf

Or this specific article regarding the use of CA's and links to possible other sources: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034833
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question