Solved

Configure and Replace the SSL Certificate's on esxi 5.1

Posted on 2014-03-11
7
558 Views
Last Modified: 2014-03-18
i followed both of these tutorials but whenever the ssl cert is replaced the management interface will not start because vpxa fails to start, any thoughts?  not sure why i am seeing this odd behavior.  I am using the free version hypervisor, not sure if that makes a different or not. appreciate any help on this.

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2015499

http://www.experts-exchange.com/Software/VMWare/A_12699-HOW-TO-Configure-and-Replace-the-SSL-Certificate-on-a-VMware-vSphere-Hypervisor-5-1-ESXi-5-1-Host-Server.html
0
Comment
Question by:Kylo Ren
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920369
What does the /var/log/vpxa.log  tell you ... Any errors?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920397
these are the two errors i have right now

2014-03-10T02:57:34.860Z [FFDAA6D0 error 'Default'] Failed to initialize the SSL context: Crypto Exception: error:0906D066:PEM routines:PEM_read_bio:bad end line

2014-03-10T02:57:34.884Z [FFDAA6D0 error 'commonvpxCertificate'] [VpxdCertificate] Failed: unrecognized file format: /etc/vmware/ssl/rui.crt
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920473
yes restarting the management agents creates a new certificate and then i can log right in. the certificates did have extra characters in them that needed to be removed but for some odd reason i still get the vpxa startup errors.

i noticed that the new certificate has critical flags set for key usage and basic contstraints, not sure if that matters. also see ca options etc....
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920513
So it works but you still get errors? Or am I not understanding correctly?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920663
if i restore the original cert then it works fine but when i install cert from a ca thats when vpxa fails to start
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39922703
Hmmm... The only thing that springs to mind at the moment is if the CA is in the trusted root certification authority ...

This document might help you pinpoint the issue? https://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf

Or this specific article regarding the use of CA's and links to possible other sources: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034833
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last article we focus in how to VMware: How to create and use VMs TAGs – Part 1 so before follow this article and perform the next tasks, you should read the first article how to create the TAG before using them in Veeam Backup Jobs.
HOW TO: Connect to the VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere (HTML5 Web) Host Client 6.5, and perform a simple configuration task of adding a new VMFS 6 datastore.
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question