I'm attempting to do this as per kb
It always fails. The error message I'm getting looks like this in the logs:
2016-07-12T17:52:24.720Z ERROR certificate-manager 2016-07-12T17:52:20.636Z Updating certificate for "com.vmware.vim.eam" extension
2016-07-12T17:52:24.720Z ERROR certificate-manager Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2016-07-12T17:52:24.720Z ERROR certificate-manager {
"resolution": null,
"detail": [
{
"args": [
"2016-07-12T17:52:20.636Z Updating certificate for \"com.vmware.vim.eam\" extension\n"
],
"id": "install.ciscommon.command.errinvoke",
"localized": "An error occurred while invoking external command : '2016-07-12T17:52:20.636Z Updating certificate for \"com.vmware.vim.eam\" extension\n'",
"translatable": "An error occurred while invoking external command : '%(0)s'"
},
"Error in updating certificate for solution: com.vmware.vim.eam"
],
"componentKey": null,
"problemId": null
}
2016-07-12T17:52:24.721Z INFO certificate-manager Performing rollback of Root Cert...
This is on vSphere 6.0U2 with the corresponding VCSA (not Windows vCenter)
Among the things I have tried:
Whatever may be said, it doesn't work the way they say it should in the KB. I have been meticulous and this is a brand new installation.
I am using option (2) - i.e. the option to replace the Root certificate with a Microsoft-signed custom cert and then have the VCSA generate all the remaining certificates.
I have a VMWare Support Case pending. Just wondered if anyone has any ideas.
Oh - I have also tried the naming conventions mentioned here, which didn't make any difference either:
Initial setup of VCSA... AD Intergration... Had to replace certs. Now VCSA not available from web...
At a loss.
thanks
Following a support case, the answer is: scrap your VCSA and create a new one :smileyshocked:
It seems that if you use option 2 on a clean install, you can corrupt your SSL certificates and kiss goodbye to your VCSA (unless you have snapshots of it) :smileycry:
The recommendation I now have to use option 1 instead.
Following a support case, the answer is: scrap your VCSA and create a new one :smileyshocked:
It seems that if you use option 2 on a clean install, you can corrupt your SSL certificates and kiss goodbye to your VCSA (unless you have snapshots of it) :smileycry:
The recommendation I now have to use option 1 instead.