Solved

Configure and Replace the SSL Certificates on ESXi 5.1

Posted on 2014-03-11
Last Modified: 2014-03-18
I followed both of these tutorials, but whenever the SSL cert is replaced the management interface will not start because vpxa fails to start. Any thoughts? Not sure why I am seeing this odd behavior. I am using the free version hypervisor, not sure if that makes a difference or not. Appreciate any help on this.

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2015499

http://www.experts-exchange.com/Software/VMWare/A_12699-HOW-TO-Configure-and-Replace-the-SSL-Certificate-on-a-VMware-vSphere-Hypervisor-5-1-ESXi-5-1-Host-Server.html
0
Question by:Kylo Ren
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920369
What does the /var/log/vpxa.log  tell you ... Any errors?
0
 
LVL 4

Author Comment

by:Kylo Ren
ID: 39920397
These are the two errors I have right now:

2014-03-10T02:57:34.860Z [FFDAA6D0 error 'Default'] Failed to initialize the SSL context: Crypto Exception: error:0906D066:PEM routines:PEM_read_bio:bad end line

2014-03-10T02:57:34.884Z [FFDAA6D0 error 'commonvpxCertificate'] [VpxdCertificate] Failed: unrecognized file format: /etc/vmware/ssl/rui.crt
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920421
0

 
LVL 4

Author Comment

by:Kylo Ren
ID: 39920473
Yes, restarting the management agents creates a new certificate and then I can log right in. The certificates did have extra characters in them that needed to be removed, but for some odd reason I still get the vpxa startup errors.

I noticed that the new certificate has critical flags set for key usage and basic constraints, not sure if that matters. Also see CA options etc....
0
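The `PEM_read_bio:bad end line` and `unrecognized file format` errors above, and the "extra characters" mentioned in this comment, both concern the text layout of `/etc/vmware/ssl/rui.crt`. The following is an added example, not part of the original thread or of VMware's tooling: a strict layout check for a file expected to hold one PEM certificate. The names `lint_pem` and `make_pem` are hypothetical, the checks are this example's own choice (the thread does not say which characters were removed) and may be stricter than a given parser, and the sample input is constructed.

```python
import base64
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def lint_pem(data: bytes) -> list:
    """Return structural problems in a file expected to hold one PEM block."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark before the BEGIN line")
        data = data[3:]
    text = data.decode("ascii", "replace")  # non-ASCII bytes become U+FFFD
    if "\r" in text:
        problems.append("carriage returns present (CRLF line endings)")
    lines = text.replace("\r", "").rstrip("\n").split("\n")
    begins = [i for i, ln in enumerate(lines) if BEGIN.match(ln)]
    ends = [i for i, ln in enumerate(lines) if END.match(ln)]
    if not begins or not ends:
        return problems + [f"no well-formed -----{'END' if begins else 'BEGIN'} ...----- line"]
    b, e = begins[0], ends[-1]
    if b > 0:
        problems.append(f"{b} line(s) of extra text before the BEGIN line")
    if e < len(lines) - 1:
        problems.append(f"{len(lines) - 1 - e} line(s) of extra text after the END line")
    if BEGIN.match(lines[b]).group(1) != END.match(lines[e]).group(1):
        problems.append("BEGIN and END labels differ")
    body = lines[b + 1:e]
    for n, line in enumerate(body, start=b + 2):  # n is the 1-based file line number
        if not B64_LINE.match(line):
            problems.append(f"line {n}: characters outside the base64 alphabet")
        elif len(line) > 64 or (len(line) < 64 and n != e):
            problems.append(f"line {n}: {len(line)} characters, expected 64")
    if not problems:
        try:
            if not base64.b64decode("".join(body)).startswith(b"\x30"):
                problems.append("decoded body is not a DER SEQUENCE")
        except ValueError:
            problems.append("body is not valid base64")
    return problems

def make_pem(der: bytes) -> bytes:
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----", ""]).encode()

# Constructed sample: placeholder bytes behind a DER SEQUENCE header, not a real certificate.
GOOD = make_pem(b"\x30\x82\x01\x00" + bytes(range(256)))
```

An empty list from `lint_pem(open(path, "rb").read())` means the file layout is clean; it says nothing about whether the issuing CA is trusted.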
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920513
So it works but you still get errors? Or am I not understanding correctly?
0
 
LVL 4

Author Comment

by:Kylo Ren
ID: 39920663
If I restore the original cert then it works fine, but when I install a cert from a CA, that's when vpxa fails to start.
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39922703
Hmmm... The only thing that springs to mind at the moment is if the CA is in the trusted root certification authority ...

This document might help you pinpoint the issue? https://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf

Or this specific article regarding the use of CAs and links to possible other sources: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034833
0
