VMware Cloud Community
vitaprimo
Enthusiast

Where is the private key when using certificate-manager's web UI?

My old vCenter crashed and I'm trying to add custom certificates on the new one; however, when I complete the CSR generation on the web UI there are just two options, copy and download.

Copy does what it says, copies the CSR to the clipboard and download downloads it, just the CSR, no private key. The CSR, naturally, is enough to get the signed certificate but at import time I have no private key to match and thus it won't accept the certificate.

How can I get a hold of the private key? Why after so many iterations can't VMware get it right--I mean, vCenter is really expensive, you sort of expect it to be flawless. What's the point of the web UI if you still have to hunt down files in the CLI? I tried using this wildcard certificate I'm using in several places but it won't accept it; I assume it's because it doesn't explicitly have the hostname.

I looked it up (the private key) on /usr/lib/vmware-vmca/bin already expecting it not to be there, and surely it wasn't. I went to /tmp and looked up anything with today's timestamp (/tmp/jna-root) but it was empty. The rest on /tmp are .part files.

Anyway, I appreciate your help on this -- and thanks!

msripada
Virtuoso

It is actually an issue now with HTML5.

For now, you can access the VCSA using ssh and get the key using the command below

/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store MACHINE_SSL_CERT --alias __MACHINE_CSR

Thanks,

MS
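
An added example, not part of the thread: exporting the key with the command above into an owner-only file, then checking that it belongs to the CSR and to the signed certificate before import. It assumes `openssl` is available on the appliance; the function names and file paths are hypothetical, and `make_sample` builds constructed throwaway files so the check can be tried offline.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are hypothetical.

# Export the key behind the UI-generated CSR; the umask keeps the file owner-only.
export_vecs_key() {  # $1 = output file
    ( umask 077
      /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey \
          --store MACHINE_SSL_CERT --alias __MACHINE_CSR > "$1" )
}

# Print the PEM public key derived from a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|cert, $2 = PEM file
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Returns 0 = same key pair, 1 = mismatch, 2 = an input could not be parsed.
key_matches() {  # $1 = private key, $2 = csr|cert, $3 = CSR or certificate file
    k=$(pubkey_of key "$1") || return 2
    o=$(pubkey_of "$2" "$3") || return 2
    [ -n "$k" ] && [ "$k" = "$o" ]
}

# Constructed sample: key.pem/csr.pem stand in for the VECS key and UI CSR,
# cert.pem (self-signed here) for the CA reply, other.pem for an unrelated key.
make_sample() {  # $1 = existing empty directory
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vcsa.example.test" \
        -keyout "$1/key.pem" -out "$1/csr.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/csr.pem" -signkey "$1/key.pem" -days 1 \
        -out "$1/cert.pem" 2>/dev/null &&
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null
}

# Typical use on the appliance (hypothetical paths):
#   export_vecs_key /root/machine_csr.key
#   key_matches /root/machine_csr.key cert /root/signed.cer && echo "key matches"
```

Remove the exported key file once the certificate has been imported, since it is a plain-text copy of the machine SSL private key.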

jmeg8r16
Contributor

Thanks!  I've been looking for this. 

navina
Enthusiast

Just curious: when the CSR is generated from the UI, you can select Embedded Private Key while importing the certificate.

Regards,
Navin A