Re: PSC SSL Certificate installation : Looking for...

Avaakaford · ‎02-20-2018

HI all,

I'm looking to automate SSL Cert on PSC appliance 6.5 . I tried couple of powershell functions , no help so far. May i know any one did PSC SSL cert installation automated way .

Thanks

Ajay

LucD · ‎02-20-2018

Which functions did you try?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Avaakaford · ‎02-20-2018

I tried to send series of inputs to appliance from power-shell to bash ( PSC Appliance).These become singular way of communication , i'm looking for stable process.

Invoke-SSHCommand

VMKeystroke

Invoke-VMScript

Invoke-webrequest ( planning to hit PSC appliance- not done yet)

Note: i already have my root certs with me & trying Hybrid SSL install

LucD · ‎02-21-2018

I'm able to use Invoke-VMScrip tot call the dir-cli command.

Which seems to indicate I can use the commands from Use Third-Party Certificates With vSphere to replace certificates.

$vcsaName = 'MyVCSA

$ssoUser = 'administrator@vsphere.local'

$ssoPswd = 'VMware1!'

$user = 'root'

$pswd = 'VMware1!'

$vm = Get-VM -Name $vcsaName

$code = @"

/usr/lib/vmware-vmafd/bin/dir-cli trustedcert list --login $ssoUser --password $ssoPswd

"@

Invoke-VMScript -VM $vm -GuestUser $user -GuestPassword $pswd -ScriptText $code -ScriptType Bash

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Avaakaford · ‎02-21-2018

I tried like below one passing singular code. It is not working for interactive scripts Example: open /usr/lib/vmware-vmca/bin & open ./certificate-manager and pass inputs to it. Along with that we can't enter inside folder and do our operation, it is always in root folder .Example : create folder ( works), enter inside folder ( not works) .

Thanks

Ajay Vaaka

LucD · ‎02-21-2018

Why would the creation of a folder and going to that folder not work? Works for me.

Can you show us the code you used?

And of course interactive scripts don't work as-is, but you can use redirection and the pipeline to feed answers to commands.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Avaakaford · ‎02-21-2018

This is what i'm looking for exactly "you can use redirection and the pipeline to feed answers to commands".

Can you please give me an example . I'm trying to replace custom certs ( run ./certificate-manager , pipeline to feed answers to commands : 2(replace certs), credentials, cert location )

Folders creation is to store my custom certs and going inside folder and check that uploaded certs ( i will double check on it )

Thanks

Ajay

LucD · ‎02-21-2018

Is there a reason why you would not use dir-cli ?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Avaakaford · ‎02-21-2018

never tried. i will look on it.

Avaakaford · ‎02-21-2018

we are not using dir-cli, we don't have root.key .Getting root key seems big task in my organization.

Avaakaford · ‎02-21-2018

Below is what i'm planning to accomplish as temporary solution for SSL Cert for PSC. still interactive session from ./certificate-manager still present.any suggestions.

connect-viserver -Server $vcenter -User $user -Password $pwd

$vm = Get-VM -Name VMname

$commands = @"

shell

chsh -s "/bin/bash" root

mkdir /machine_ssl

cd /machine_ssl

wget --no-parent -nH --cut-dirs=2 -r CertLocation

cd /usr/lib/vmware-vmca/bin

./certificate-manager

1

$ssoUser

$ssopswd

2

machine cert location

machine key location

root cert location

Y

service-control --stop --all

service-control --start --all

"@ -split "`n"

wait

foreach ($command in $commands)

{

write-host "Performing $command "

Invoke-VMScript -VM $vm.Name -GuestUser $user -GuestPassword $pswd -ScriptText $command -ScriptType Bash

}

Thanks

Ajay

All

PSC SSL Certificate installation : Looking for auto install process