VMware Cloud Community
pratap533
Contributor

Self-signed certificate with ESXi server

I have one VMware ESXi server installed on VMware Workstation on my machine.

In general we install an ESXi server on one machine, where it takes its IP address.

As I have limited options, I installed the ESXi server in VMware Workstation. But ESXi works as an independent system, so it takes the IP address 10.100.13.36.

It has a certificate installed on its own.

From a Java program we can call this machine. I am using Java installed on my machine and calling from a Java program.

I have used the VI SDK library by Steve Jin: http://vijava.sourceforge.net/doc/getstarted/tutorial.htm

ServiceInstance si = new ServiceInstance(new URL("https://10.100.13.36/sdk"), "root", "teamw0rk", true);

The true parameter indicates that ignore certificate is set to true.

When I did this, the instance si was created.

When I put false, it needs the certificate mode of the server.

1) In certificate mode, it needs the server certificate named with the DNS name localhost.localdomain. (Remember, localhost here means 10.100.13.36; it is not my system. My system's IP address is 10.100.12.112, and my system has its localhost reference to 10.100.12.112. My system is different from the server. The server already takes its IP address from DHCP configuration.)

When I run this, I get the following error.

Exception in thread "main" java.rmi.RemoteException: VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.100.13.36 found
    at com.vmware.vim25.ws.WSClient.invoke(WSClient.java:182)
    at com.vmware.vim25.ws.WSClient.invoke(WSClient.java:124)
    at com.vmware.vim25.ws.VimStub.retrieveServiceContent(VimStub.java:1521)
    at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:85)
    at com.vmware.vim25.mo.ServiceInstance.<init>(ServiceInstance.java:69)
    at com.vmware.vim25.mo.samples.HelloVM.main(HelloVM.java:16)

2) Can I use the keytool command with the option -ext san=ip=10.100.13.36 so that I recreate the certificate from my machine for the IP address 10.100.13.36? Is it possible to recreate the certificate of such an uncontrolled server from my machine? (I am calling it an uncontrolled server because we do not have any configuration settings by us; putting this certificate on that server is also not possible.)

But can we recreate the certificate from our JVM environment with the option -ext san=ip=10.100.13.36?

3) We can import the existing certificate of the VMware ESXi server. But the basic problem here is that our program is not able to identify the certificate mode of the server (which is the DNS name option). Can we achieve this with the -ext option?

With some light on this I can move forward.

Please give some suggestions.

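Why the handshake in the post fails only when the URL uses the IP address, as an added example (not code from the post, vijava or the JDK): an HTTPS client compares an IP literal only against iPAddress entries in the server certificate's subject alternative names, never against dNSName entries. The class and method names are hypothetical, and the SAN lists are constructed on the assumption that the ESXi certificate carries only the dNSName localhost.localdomain mentioned in the post.

```java
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Added illustration (hypothetical class, not vijava or JDK source).
public class SanCheck {
    // GeneralName tags used by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // sans: [type, value] pairs, the shape getSubjectAlternativeNames() returns.
    static boolean matches(String host, Collection<List<?>> sans) throws Exception {
        boolean ip = isIpLiteral(host);
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            // An IP literal is compared only with iPAddress entries;
            // a host name only with dNSName entries.
            if (ip && type == IP_ADDRESS
                    && InetAddress.getByName(host).equals(InetAddress.getByName(value))) return true;
            if (!ip && type == DNS_NAME && dnsMatches(host, value)) return true;
        }
        return false;
    }

    static boolean dnsMatches(String host, String pattern) {
        if (pattern.startsWith("*.")) { // wildcard covers exactly one leftmost label
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot).equalsIgnoreCase(pattern.substring(1));
        }
        return host.equalsIgnoreCase(pattern);
    }

    public static void main(String[] args) throws Exception {
        // Constructed SAN lists; not read from a real server.
        List<?> dns = Arrays.<Object>asList(DNS_NAME, "localhost.localdomain");
        List<?> ipSan = Arrays.<Object>asList(IP_ADDRESS, "10.100.13.36");
        Collection<List<?>> dnsOnly = Arrays.<List<?>>asList(dns);
        Collection<List<?>> withIp = Arrays.<List<?>>asList(dns, ipSan);
        System.out.println("IP URL, DNS-only cert: " + matches("10.100.13.36", dnsOnly));
        System.out.println("name URL, DNS-only cert: " + matches("localhost.localdomain", dnsOnly));
        System.out.println("IP URL, cert with IP SAN: " + matches("10.100.13.36", withIp));
    }
}
```

The SAN list is part of the certificate the server presents and is covered by its signature, so a certificate generated on the client with `keytool -ext san=ip=...` has no effect on this check unless the server itself is configured to serve it.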