VMware Cloud Community
bdoubleu
Contributor

ESXi Server issues the incorrect SSL certificate for clients connecting to the webserver guest OS

Hi All,

I am brand new to virtualization and I created an ESXi 4.0.0 server, in which I have hosted a few Micro$oft servers. One of them is a webserver and the other 2 are a domain controller and an Exchange server.

So, I went the normal route and logged into the host OS and created an SSL certificate request, sent that off to GoDaddy, received my new certs and installed them on the guest OS virtual server, but when people hit the webserver running, they are getting a certificate issued by the VMware server rather than the one hosted by the guest OS.

Is there an easy way around this? Can I disable VMware from doing this if I know this will be the only SSL cert on that box?

Can I share this cert with the box if it was already generated to be used on a Windows 2003 server?

I am starting to get desperate as I cannot find anyone who seems to know how to do this anywhere and my merchant services has cut me off because they say that I am no longer secure. I REALLY need some help in getting this up and running correctly.

Anything else that anyone can please share? Or if anyone would like to solve this problem for me, I will gladly pay them to log in and do it :)

Thanks!

Brad

0 Kudos
4 Replies
jkumhar75
Hot Shot

In this particular issue, you can try removing the certificate from VMware and adding the SSL certificate created by you.

Jay

MCSE,VCP 310,VCP 410

Borja_Mari
Virtuoso

Hi,

AFAIK, what you are saying should not be happening in a correct scenario.

First, you should make the web certificate request inside the guest machine, not inside the host machine. I guess it's a mistake in the wording of your opening post.

When web clients connect to the HTTPS port of your guest machine's IP, they must connect to the web server placed in your guest machine. So in a correct environment it makes no sense that they are seeing an SSL certificate made by VMware.

Maybe your host machine and guest share the same IP? That is wrong; it's a misconfiguration. The guest must not share an IP with the ESXi host machine.

Are your web clients connecting to the right IP using DNS queries? Maybe they are wrongly connecting to the ESXi host machine instead of the guest machine. This would explain the wrong SSL certificate behavior.

Hope this helps :)

Regards/Saludos,

Pablo

bdoubleu
Contributor

Thank you Jay. I would love to be able to remove the SSL certificate on the HOST machine, so that the GUEST OS can hand out the correct SSL cert. Is there a walkthrough somewhere that I could follow, on how to do this?

Thank you Pablo. My wording was incorrect in the original post. I logged into the GUEST OS to request the certificate and posted it to the GUEST OS. I just thought that the ESXi server would "know" and let the traffic pass through and grab the right one.

As far as the I.P. addresses go, I only have one single static I.P. address from the outside and the internal ones are completely different. Internally, when I connect to the server using vSphere Client, I go to 192.168.45.45 and this I consider the "root" or ESXi server. I have set up the webserver to reside at 192.168.45.10 on that machine.

If it would help to visit it and see the certificate that is being issued, the website is http://www.acconia.com.

Thanks again to both of you!

Brad

0 Kudos
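
Added example, not part of the thread or VMware's own tooling: one way to test the suggestion above that clients are reaching the ESXi host instead of the guest, by comparing the SHA-256 fingerprint of the certificate served on the public name with the ones served on the two internal addresses quoted in the post. The function names `fetch_fingerprint` and `diagnose` are hypothetical, and the addresses are the ones the poster gave.

```python
import hashlib
import socket
import ssl


def fetch_fingerprint(host, port=443, server_name=None, timeout=5.0):
    """SHA-256 fingerprint of the certificate served at host:port, or None.

    Verification is off on purpose: a default ESXi host certificate is not
    issued by a public CA, and the goal is to see it, not to reject it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
                der = tls.getpeercert(binary_form=True)
    except OSError:  # refused, timed out, or handshake failed (ssl.SSLError)
        return None
    return hashlib.sha256(der).hexdigest() if der else None


def diagnose(public_fp, host_fp, guest_fp):
    """Say which internal machine serves the certificate seen from outside."""
    if public_fp is None:
        return "no-tls"     # nothing completed a TLS handshake on the public name
    if host_fp is not None and host_fp == guest_fp:
        return "ambiguous"  # both internal addresses serve the same certificate
    if public_fp == guest_fp:
        return "guest"      # port 443 reaches the web server, as intended
    if public_fp == host_fp:
        return "host"       # port 443 ends up on the ESXi management interface
    return "other"          # a third device (router, proxy) is answering


if __name__ == "__main__":
    # Addresses as given in the thread. Take the internal fingerprints from
    # inside the LAN; repeat the public lookup from an outside connection if
    # the router does not loop traffic for its own public address back in.
    public = fetch_fingerprint("www.acconia.com")
    host = fetch_fingerprint("192.168.45.45")
    guest = fetch_fingerprint("192.168.45.10", server_name="www.acconia.com")
    print(diagnose(public, host, guest))
```

A result of `host` means the public traffic never reaches the guest, so the certificate installed there cannot be served until port 443 is directed to 192.168.45.10.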
bdoubleu
Contributor

Thanks!

0 Kudos