Skip navigation
VMware
Up to Discussions in VMware vCenter™ Server

This Question is Answered (go to answer)

1 "helpful" answer available (6 pts)
2,152 Views 7 Replies Last post: Sep 12, 2007 1:09 PM by baptista RSS
crush Novice
crush
14 posts since
Jan 24, 2007
Currently Being Moderated

Apr 23, 2007 9:07 AM

After install a new SSL Certificate, all hosts are disconnected from VC

Hi Everyone

 

I had replaced the self generated SSL certificate of the Virtual Center website with one generated by our CA. After this, all hosts in VC are shown as "disconnected".

When i put back the old certificate, the VC can successfully connects to the ESX hosts...

 

Must I update the SSL certificate also on the ESX hosts?

 

 

thanks in advance

crush

cheeko Master
cheeko
628 posts since
Nov 30, 2005
Currently Being Moderated
1. Apr 23, 2007 11:17 AM in response to: crush
Re: After install a new SSL Certificate, all hosts are disconnected from VC

Maybe this helps:

http://edward.aractingi.net/blog/archives/2006/10/replace_vmware_cert.html

 

The SSL certificate on the ESX is located in /etc/vmware/ssl

 

Maybe it's the more proper way, to delete the host from VC and re-add it (if that works).

crush Novice
crush
14 posts since
Jan 24, 2007
Currently Being Moderated
2. Apr 24, 2007 1:04 AM in response to: cheeko
Re: After install a new SSL Certificate, all hosts are disconnected from VC

Hi cheeko

 

The SSL certificate located in /etc/vmware/ssl is the certificate of the ESX host and not the one of VC... what I need is the location at the ESX host where the certificate of VC is stored.

 

The Workaround "delete host from VC an re-add it" works. However, in this scenario I lose my permissions set on hosts and vm's and the allocation of the vm's to the folders under the "Virtual Machines And Templates" View.

 

But I want to try the following Workaround:

Reinstall the VC agent on the ESX host and the try to reconnect from the VC. Eventually on this way the certificate of VC gets updated on ESX host.

 

cu

crush Novice
crush
14 posts since
Jan 24, 2007
Currently Being Moderated
3. Apr 29, 2007 11:23 PM in response to: crush
Re: After install a new SSL Certificate, all hosts are disconnected from VC

morning

 

Reinstall the VC agent on the ESX host and then reconnect to VC has the same effect like delete ESX host from VC an re-add it... this isn't a acceptable solution.

 

i'm still searching.

RLI27 Enthusiast
RLI27
32 posts since
Jan 24, 2007
Currently Being Moderated
4. Sep 4, 2007 7:39 AM in response to: crush
Re: After install a new SSL Certificate, all hosts are disconnected from VC

Hi all

 

Exact same problem here. Was there any solution yet?

 

Cheers

RLI

baptista Novice
baptista
25 posts since
Jul 30, 2007
Currently Being Moderated
5. Sep 4, 2007 8:50 AM in response to: crush
Re: After install a new SSL Certificate, all hosts are disconnected from VC

We have to do this also, and removing each host from the cluster and vc just cannot be done in our production environment. There must be a way to update the certificates without bringing down the environment.

 

I've been going through the Technote on replacing VirtualCenter Server Certificates but the vma.exe file used to register the certs with vc is not installed with our VirtualCenter for some reason.

RLI27 Enthusiast
RLI27
32 posts since
Jan 24, 2007
Currently Being Moderated
6. Sep 5, 2007 1:22 PM in response to: RLI27
Re: After install a new SSL Certificate, all hosts are disconnected from VC

Hi guys

 

Together with DELL Support (SPOC for all Support questions related HW and SW - btw: these guys have done a nice job so far!) I found the following solution:

\- Open VIClient

\- Disconnect all your hosts in VC (you do not loose anything...)

\- Replace the certificates on the VC

\- restart "VMware VirtualCenter Server" service on VC

\- Reconnect VIClient

\- Connect the disconnected hosts again (see note below about VM location)

\- Reconfigure HA (if any)

 

Tested on VC V2.0.2 and with ESX hosts V3.0.2 (haven't tested other versions). The hosts are in 2 clusters in 1 Datacenter and no resource pools have been configured. There were configured permissions on folders in the view for "Virtual Machines and Templates". While reconnecting the hosts you will be asked where (in which folder) to put the VMs. Do NOT choose a specific folder - choose your Datastore instead and the "old" assignment will not be changed.

 

Worked just fine for me and now I have VC signed with my own certificate and the ESX hosts are connected again. Hope this helps you guys too.

 

Cheers, Roger

baptista Novice
baptista
25 posts since
Jul 30, 2007
Currently Being Moderated
7. Sep 12, 2007 1:09 PM in response to: RLI27
Re: After install a new SSL Certificate, all hosts are disconnected from VC

I can confirm the post from RLI27 works. I just disconnected the esx hosts from virtual center, NOT delete them. Then stopped VC services, copied certs over, started vc services, then reconnected the esx hosts. It asks for root/pw again then everything gets put where it should, permissions stayed intact, vm's stayed running, all was good.

 

Robert

Bookmarked By (0)

Share This Page

Communities