VMware Cloud Community
rellis123

Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority

I'm attempting to do this as per KB 2112016.

It always fails. The error message I'm getting looks like this in the logs:

2016-07-12T17:52:24.720Z ERROR certificate-manager 2016-07-12T17:52:20.636Z   Updating certificate for "com.vmware.vim.eam" extension
2016-07-12T17:52:24.720Z ERROR certificate-manager Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2016-07-12T17:52:24.720Z ERROR certificate-manager {
    "resolution": null,
    "detail": [
        {
            "args": [
                "2016-07-12T17:52:20.636Z   Updating certificate for \"com.vmware.vim.eam\" extension\n"
            ],
            "id": "install.ciscommon.command.errinvoke",
            "localized": "An error occurred while invoking external command : '2016-07-12T17:52:20.636Z   Updating certificate for \"com.vmware.vim.eam\" extension\n'",
            "translatable": "An error occurred while invoking external command : '%(0)s'"
        },
        "Error in updating certificate for solution: com.vmware.vim.eam"
    ],
    "componentKey": null,
    "problemId": null
}
2016-07-12T17:52:24.721Z INFO certificate-manager Performing rollback of Root Cert...

This is on vSphere 6.0U2 with the corresponding VCSA (not Windows vCenter)

Among the things I have tried:

  • Using a unique name for each .cfg when creating the CSR
  • Modifying the eam .properties file to remove the "localhost" entry and replacing it with an FQDN

Whatever may be said, it doesn't work the way they say it should in the KB. I have been meticulous and this is a brand new installation.

I am using option (2), i.e. the option to replace the Root certificate with a Microsoft-signed custom cert and then have the VCSA generate all the remaining certificates.

I have a VMware support case pending. Just wondered if anyone has any ideas.

Oh - I have also tried the naming conventions mentioned here, which didn't make any difference either:

Initial setup of VCSA... AD Intergration... Had to replace certs. Now VCSA not available from web...

At a loss.

thanks
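
A small triage helper for the certificate-manager output quoted in the question, added here as an example (it is not part of the original thread and not VMware tooling): it extracts the embedded JSON error object, reports which solution failed and whether a rollback started. The sample log is constructed from the excerpt above and shortened; the function name `triage` is hypothetical.

```python
import json
import re

# Constructed sample, shortened from the excerpt quoted in the post.
SAMPLE_LOG = r'''
2016-07-12T17:52:24.720Z ERROR certificate-manager Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2016-07-12T17:52:24.720Z ERROR certificate-manager {
    "resolution": null,
    "detail": [
        {
            "args": ["2016-07-12T17:52:20.636Z   Updating certificate for \"com.vmware.vim.eam\" extension\n"],
            "id": "install.ciscommon.command.errinvoke"
        },
        "Error in updating certificate for solution: com.vmware.vim.eam"
    ],
    "componentKey": null,
    "problemId": null
}
2016-07-12T17:52:24.721Z INFO certificate-manager Performing rollback of Root Cert...
'''

def triage(log_text):
    """Summarise failed solutions, error ids and rollback state from the log."""
    report = {"failed_solutions": [], "error_ids": [], "rollback": False}
    decoder = json.JSONDecoder()
    # The error object starts on a prefixed log line and spans several lines.
    for m in re.finditer(r"ERROR certificate-manager (\{)", log_text):
        try:
            obj, _ = decoder.raw_decode(log_text, m.start(1))
        except json.JSONDecodeError:
            continue  # truncated or rotated log: skip the partial object
        if not isinstance(obj, dict):
            continue
        for item in obj.get("detail") or []:
            if isinstance(item, dict):
                report["error_ids"].append(item.get("id"))
            else:
                hit = re.search(r"for solution: (\S+)", str(item))
                if hit:
                    report["failed_solutions"].append(hit.group(1))
    report["rollback"] = bool(
        re.search(r"INFO certificate-manager Performing rollback", log_text))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```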


Accepted Solutions
rellis123

Following a support case, the answer is: scrap your VCSA and create a new one :smileyshocked:

It seems that if you use option 2 on a clean install, you can corrupt your SSL certificates and kiss goodbye to your VCSA (unless you have snapshots of it) :smileycry:

The recommendation I now have is to use option 1 instead.
