8 Replies Latest reply on Mar 24, 2016 6:03 AM by AlBalushi

    Replacing App Volumes Manager SSL

    vishalchand Novice

      AppVolume version Version: 2.10.0.1412

       

      Did anyone successfully replaced the SSL certificate for Appvolume manager?  I have followed the KB article Replacing App Volumes Manager SSL Certificate (2095969) for creating CSR cert, restarted the manager service but still defaults to old cert.

       

      Thanks in Advance...

        • 1. Re: Replacing App Volumes Manager SSL
          Ray_handels Master
          Community WarriorsvExpert

          Ah yeah, the certificate issue .

           

          I cant open the link you provided (KB of vmware offline again) but I believe they state that you need to create your own certificate files (.crt file and .key fiole right?) and replace the original svserver.crt and .key file right?

          Unfortenately that isn't enough. Apparently they now keep on using the appvol_self_vmware.com.crt and .key file. You also need to replace these files with your newly created certificate and your good to go.

           

          Also, restart the server, not only the service, we found out that this works better.

          • 2. Re: Replacing App Volumes Manager SSL
            vishalchand Novice

            that works.... thanks for speedy response. The original svserver.crt and .key were found at two location as per below including replacing appvol_self_vmware.com.crt and .key file to make it work. C:\Program Files (x86)\CloudVolumes\Manager\nginx_proxy\conf C\Program Files (x86)\CloudVolumes\Manager\nginx\conf

            • 3. Re: Replacing App Volumes Manager SSL
              solgaeDK Enthusiast

              The real problem is, VMware App Volumes team seem to have forgotten to update their nginx.conf file to point to the certificate files that VMware KB says to replace. I logged a feedback about it on their KB article when I noticed it at version 2.6, but no change yet as of 2.10.

               

              The nginx.conf for App Volumes Manager server points to the appvol_self_vmware.com.crt and appvol_self_vmware.com.key to read in the SSL certificate, which means replacing svserver.crt and svserver.key files is meaningless.

               

              To tell the App Volumes service to use the appropriate certificate files, you need to edit the nginx.conf file in C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf directory (assuming default install location). Browse down until you find the entry like this:


                  server {

                      server_name 0.0.0.0;

                      listen       443;

               

               

                      ssl                  on;

                      ssl_certificate      appvol_self_vmware.com.crt;

                      ssl_certificate_key  appvol_self_vmware.com.key;

                      ssl_session_timeout  5m;

               

               

                      root   ../public;

                      rewrite ^/(.*)/$ /$1 permanent;

               

              Change the ssl_certificate and ssl_certificate_key to svserver.crt and svserver.key respectively so it looks like this:

               

                  server {

                      server_name 0.0.0.0;

                      listen       443;

               

               

                      ssl                  on;

                      ssl_certificate      svserver.crt;

                      ssl_certificate_key  svserver.key;

                      ssl_session_timeout  5m;

               

               

                      root   ../public;

                      rewrite ^/(.*)/$ /$1 permanent;

               

              Restart App Volumes service thru Services MMC and App Volumes server will now use the appropriate certificate files.

               

              Of course, replacing appvol_self_vmware.com.crt and appvol_self_vmware.com.key files with your own cert works too, but I don't like the naming scheme of the files.

               

              Once you replaced the cert and restarted the service, remember to update the agent config on the registry to use SSL according to VMware KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2091589

               

              BTW, upgrading App Volumes version means uninstalling the existing version, which will blow away the certificate files. Make sure to back up those files before uninstalling, or you'll have to re-generate the cert and the associated private key once you install the new version.

              • 4. Re: Replacing App Volumes Manager SSL
                AlBalushi Novice

                Hi all

                 

                i was following the steps but it seems that not working , any workaround for this issue with replacing App Volume manager SSL

                 

                 

                Regards

                SB.Mohammed

                • 5. Re: Replacing App Volumes Manager SSL
                  Ray_handels Master
                  vExpertCommunity Warriors

                  Have you restarted the server after changing the certificates? And what kind of certificate do you see when connecting to the Manager website? Do you still see the Appvolumes self signed certificate or do you see your own certificate?

                  Keep in mind to change both certificates.

                  • 6. Re: Replacing App Volumes Manager SSL
                    AlBalushi Novice

                    Hi,

                     

                    Yes replaced both certificates and services are restarted as well. When the URL is entered in the browser it does not simply respond and when we see the errors in the log files we can see following.

                     

                    2016/03/23 12:30:27 [emerg] 4496#5244: PEM_read_bio_X509_AUX("C:\Program Files (x86)\CloudVolumes\Manager\nginx/conf/appvol_self_vmware.com.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

                    2016/03/23 12:30:59 [emerg] 2584#3172: PEM_read_bio_X509_AUX("C:\Program Files (x86)\CloudVolumes\Manager\nginx/conf/appvol_self_vmware.com.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

                    2016/03/23 12:31:32 [emerg] 5924#4828: PEM_read_bio_X509_AUX("C:\Program Files (x86)\CloudVolumes\Manager\nginx/conf/appvol_self_vmware.com.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

                    • 7. Re: Replacing App Volumes Manager SSL
                      Ray_handels Master
                      vExpertCommunity Warriors

                      Did you create self signed certificates?? It seems as if these certificates aren't trusted..

                      • 8. Re: Replacing App Volumes Manager SSL
                        AlBalushi Novice

                        Hi all

                        we had sorted this issue with certificate very long a way i will document the same for future references ,will share the here

                         

                        Regards

                        SB.Mohammed