VMware Cloud Community
Enby04
Contributor

Update vCenter Server SSL Certificate fails

I was following the steps for updating the SSL certificates for the vCenter Server 5.1 components. I successfully generated the certificates and was following the plan. Step 1 (Update the Single Sign-On SSL certificate), Step 2 (Update Inventory Service trust to Single Sign-On), Step 3 (Update the Inventory Service SSL certificate), and Step 4 (Update vCenter Server Trust to Single Sign-On) all completed successfully. Step 5 (Update the vCenter Server SSL certificate) failed. Single Sign-On is on a separate server. All of the other services are on the vCenter server. The output follows:

The supplied certificate chain is valid.

Loading 'screen' into random state - done

"Cannot continue with the operation due to errors."

"Attempting rollback..."

"Cannot continue with the operation due to errors."

: Last operation update vCenter Server SSL certificate failed :

: Cannot reload the vCenter Server SSL certificates. The certificate might not be unique.

How can I fix this?

9 Replies
raog
Expert

I assume separate certificates were generated for IS and VC.

Regards

Girish

To Virtualization and beyond! PS::If you felt the answer as helpful, please mark it as helpful/answered so that it helps other users as well! Blog:: www.virtualtipsntricks.com
Enby04
Contributor

Yes. I generated separate certificates for each of the services. After receiving them I checked each one to make sure that all parameters were correct including OU. I used the Microsoft certificate authority.

Nathaniel Bynum | Network Administrator | LearnQuest

225 East City Avenue Suite 106 | Bala Cynwyd, PA 19004

Phone: 610-206-0101 x101 | Fax: 610-206-0102

Email: nate.bynum@LearnQuest.com | www.learnquest.com

Learning is a lifelong journey. Let LearnQuest be your guide.


ksattler
Enthusiast

Have you ever solved it?

Enby04
Contributor

No I have not. Thanks for the follow up. Do you have any ideas?

Enby04

ksattler
Enthusiast

I have opened an SR yesterday... we will see...

Enby04
Contributor

Thank you,

Enby04

ksattler
Enthusiast

SOLVED!

Steps:

1. Stop vCenter service

2. Look for your ID in LS_ServiceID.prop in folder C:\ProgramData\VMware\VMware VirtualCenter

3. Copy this ID (e.g. {C4672589-9258-42B1-90E2-1EF268BBD402}:5)

4. Edit your vpxd.cfg in the same folder and replace

<serviceId>vCenterService</serviceId>

with

<serviceId>your ID</serviceId>

5. Start vCenter Service

Then the SSL automation tool works!

You don't need to revert the changes.

Enby04
Contributor

Hi,

The entry in the LS_ServiceID.prop file

{3976F5AD-8AE1-45EC-83C4-EBD6507BFC9B}:7

{F1E9D779-88EA-404E-89B3-8E87405CBF3A}:8

The serviceId entry in the vpxd.cfg file

It appears that the entries already match

Couple of questions

1. Would line breaks in either file make a difference?

2. On the SSO server and the vCenter server, I completely uninstalled all VMware components and reinstalled all VMware services. On the certificate authority server I revoked all of the original certs and then generated new requests on the SSO and vCenter servers for all of the services. I downloaded and was going through the installation process for the certs. Would this sequence of events be at the root of the issue? As mentioned previously, steps 1 through 4 completed successfully. Step 5 is the stopper.

Thanks for your continued input.

Enby04

ksattler
Enthusiast

Normally there should be only one entry. I think that's your main problem.

to 1: I don't know

to 2: I would begin from step 1 again. And yes, I think that the reinstallation is the root cause for your duplicate IDs.

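A read-only pre-check for the serviceId procedure and the duplicate-ID diagnosis discussed in the replies above, added here as an example (it is not code from any poster or from VMware). The function name `Test-VcServiceId`, the assumed `{GUID}:N` ID shape and the sample files are assumptions made for illustration; the folder and file names are the ones quoted in the thread.

```powershell
# Added example: read-only check, nothing on disk is modified by the function.
# Assumptions: LS_ServiceID.prop holds IDs shaped like {GUID}:N and vpxd.cfg
# holds a <serviceId> element, as quoted in the thread.
function Test-VcServiceId {
    param(
        [string]$Folder = 'C:\ProgramData\VMware\VMware VirtualCenter'
    )
    $propText = [IO.File]::ReadAllText((Join-Path $Folder 'LS_ServiceID.prop'))
    $cfgText  = [IO.File]::ReadAllText((Join-Path $Folder 'vpxd.cfg'))

    # Collect every ID in the .prop file, regardless of line breaks.
    $idPattern = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}:\d+'
    $ids = @([regex]::Matches($propText, $idPattern) | ForEach-Object { $_.Value })

    # Pull the current serviceId value out of vpxd.cfg.
    $m = [regex]::Match($cfgText, '<serviceId>\s*(.*?)\s*</serviceId>')
    $cfgId = $null
    if ($m.Success) { $cfgId = $m.Groups[1].Value }

    if ($ids.Count -eq 0) {
        $finding = 'No {GUID}:N entry found in LS_ServiceID.prop'
    } elseif ($ids.Count -gt 1) {
        $finding = 'More than one ID in LS_ServiceID.prop; the thread expects exactly one'
    } elseif ($null -eq $cfgId) {
        $finding = 'No <serviceId> element found in vpxd.cfg'
    } elseif ($cfgId -eq 'vCenterService') {
        $finding = 'vpxd.cfg still has the literal vCenterService value (step 4 not applied)'
    } elseif ($cfgId -ne $ids[0]) {
        $finding = 'vpxd.cfg serviceId differs from the ID in LS_ServiceID.prop'
    } else {
        $finding = 'vpxd.cfg serviceId matches the single ID in LS_ServiceID.prop'
    }
    New-Object PSObject -Property @{ PropIds = $ids; CfgServiceId = $cfgId; Finding = $finding }
}

# Constructed sample files (not from a real server; the XML nesting is made up).
$demo = Join-Path $env:TEMP 'vc-serviceid-demo'
New-Item -ItemType Directory -Force -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'LS_ServiceID.prop') -Value @(
    '{11111111-2222-3333-4444-555555555555}:7',
    '{66666666-7777-8888-9999-AAAAAAAAAAAA}:8')
Set-Content -Path (Join-Path $demo 'vpxd.cfg') -Value `
    '<config><serviceId>{66666666-7777-8888-9999-AAAAAAAAAAAA}:8</serviceId></config>'
Test-VcServiceId -Folder $demo | Format-List
```

Called without `-Folder`, the function reads the two files from the folder named in the thread; the sample run uses a two-ID `.prop` file to show the duplicate case being flagged even though `vpxd.cfg` matches one of the entries.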