digerati646
Enthusiast
Enthusiast

renewing certificate on view security and replica servers

Jump to solution

I am looking to renew my SSL certificate on my view security server version 5.3 (and view replica server).  I used different server to do my cert request, finished the requested on that server, then exported the full certificate with the private key.  I imported it into the VSS and flipped the friendly name of the current certificate to OldVDM and ensured that the new one was set to VDM.  When I restart the services, the VMware View Security Gateway Component starts for a moment, then stops.  Does anyone out there have a better procedure for installing the cert or have any advice on what I am doing wrong.  I have also installed the intermediate certs on the server as well.

Thanks in advance.

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
digerati646
Enthusiast
Enthusiast

So after trying a few format types, I got it to work.  I was told to use the PKCS #7 format, however, when you try to do that in IIS it gives you an error.  Also, trying to renew the initial cert within IIS was giving an error as well during the renewal.  SO, what worked was doing a new cert request, getting the cert in x.509 format, installing it on my surrogate server, THEN export it in PFX format and include all the correct info.  After I installed it on the VSS, and restarted services, that seemed to do it.

View solution in original post

0 Kudos
3 Replies
roneng
Enthusiast
Enthusiast

dont forget to add the key to the certificate

and also, you need to upload a pfx file, not a crt

hope that helps

digerati646
Enthusiast
Enthusiast

yeah.. It definitely is a cert with the key, in pfx format.  I can see the key in the icon as well.

I am thinking it might have to do with the encryption algo.  My old cert is SHA1RSA, new one is SHA256RSA.  Perhaps that has something to do with it..  I was going to create a support ticket with VMware to ask about cert types.

0 Kudos
digerati646
Enthusiast
Enthusiast

So after trying a few format types, I got it to work.  I was told to use the PKCS #7 format, however, when you try to do that in IIS it gives you an error.  Also, trying to renew the initial cert within IIS was giving an error as well during the renewal.  SO, what worked was doing a new cert request, getting the cert in x.509 format, installing it on my surrogate server, THEN export it in PFX format and include all the correct info.  After I installed it on the VSS, and restarted services, that seemed to do it.

View solution in original post

0 Kudos