VMware Cloud Community
shaka
Enthusiast
Enthusiast

Replace SSL certificates with own CA certs

I am trying to replace SSL certificates on my ESX 3.5 host. I am able to generate the cert request using the following command

openssl req -new -key ./rui.key > request.csr

I then take the certificate request text and generate the new certificate from our CA. I copy the certificate to /ect/vmware/ssl and restart the mgmt-vmware service. When I try to add the host to my Virtual Center 2.5 server I get an error stating

"Failed to install the VirtualCenter Agent Service."

If I copy the old cert back it connects fine. Any ideas?

Reply
0 Kudos
3 Replies
troberts
VMware Employee
VMware Employee

For more information about VirtualCenter server certificates, including information about how to replace them, see Technical Note, "Replacing VirtualCenter Server Certificates."

http://www.vmware.com/pdf/vi_vcserver_certificates.pdf

shaka
Enthusiast
Enthusiast

Unfortunately I have already seen this document. I believe my problem maybe in the certificate generation. I am not sure if I configured the openssl.cnf file correctly.

Reply
0 Kudos
bfent
Enthusiast
Enthusiast

We are having this same issue.

I, too, have followed this, and other, documentation but with no success.

I am using the openssl 0.9.8g lite version installed on our VC Server (certificate generated for VC works fine).

Thanks.

Reply
0 Kudos