Solved

Configure and Replace the SSL Certificate's on esxi 5.1

Posted on 2014-03-11
7
547 Views
Last Modified: 2014-03-18
i followed both of these tutorials but whenever the ssl cert is replaced the management interface will not start because vpxa fails to start, any thoughts?  not sure why i am seeing this odd behavior.  I am using the free version hypervisor, not sure if that makes a different or not. appreciate any help on this.

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2015499

http://www.experts-exchange.com/Software/VMWare/A_12699-HOW-TO-Configure-and-Replace-the-SSL-Certificate-on-a-VMware-vSphere-Hypervisor-5-1-ESXi-5-1-Host-Server.html
0
Comment
Question by:Kylo Ren
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920369
What does the /var/log/vpxa.log  tell you ... Any errors?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920397
these are the two errors i have right now

2014-03-10T02:57:34.860Z [FFDAA6D0 error 'Default'] Failed to initialize the SSL context: Crypto Exception: error:0906D066:PEM routines:PEM_read_bio:bad end line

2014-03-10T02:57:34.884Z [FFDAA6D0 error 'commonvpxCertificate'] [VpxdCertificate] Failed: unrecognized file format: /etc/vmware/ssl/rui.crt
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920421
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920473
yes restarting the management agents creates a new certificate and then i can log right in. the certificates did have extra characters in them that needed to be removed but for some odd reason i still get the vpxa startup errors.

i noticed that the new certificate has critical flags set for key usage and basic contstraints, not sure if that matters. also see ca options etc....
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39920513
So it works but you still get errors? Or am I not understanding correctly?
0
 
LVL 5

Author Comment

by:Kylo Ren
ID: 39920663
if i restore the original cert then it works fine but when i install cert from a ca thats when vpxa fails to start
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39922703
Hmmm... The only thing that springs to mind at the moment is if the CA is in the trusted root certification authority ...

This document might help you pinpoint the issue? https://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf

Or this specific article regarding the use of CA's and links to possible other sources: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034833
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question