tough_siberian_
Enthusiast
Enthusiast

How to change vCO appliance Server SSL Certificate for vCO Multi-Node Plugin

Hi.

I have this problem which I was not able to solve yet.

Two appliances are deployed with default settings for hostname and IP. So both appliances got "localhost" as hostname and IP address from DHCP server.

I changed this properties through appliance configuration, so each appliance has proper hostname and proper static IP address. Appliance is rebooted after that change.

However, when I try to add a remote server for vCO Multi-Node plugin I got the error that certificate properties didn't match server address. From these certificate properties I see that hostname and IP addresses in certificate still contain "localhost" as hostname and old IP address received from DHCP.

What is the corect procedure to regenerate this certificate after updating appliance properties?

Thank you.

0 Kudos
3 Replies
admin
Immortal
Immortal

Burke-
VMware Employee
VMware Employee

As Christian mentions, there are a few articles on this:

Mine (referenced in Christian's article): http://www.vcoteam.info/learn-vco/work-with-vco-over-ssl.html

VMware KB (based on my article): http://kb.vmware.com/kb/2007032

Follow the steps in the article and the end result will be a self-signed certificate that matches the hostname of your vCO server which should allow a number of things to work with vCO api over SSL Smiley Happy

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
tough_siberian_
Enthusiast
Enthusiast

Christian Johannsen wrote:


Hi,

have you seen this: http://mighty-virtualization.blogspot.de/2012/09/vco-51-appliance-how-to-fix.html

best regards

Christian

What I found myself is this:


http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200703...


It basically explains the same thing only for vCO installed on Windows. However, with this procedure I can generate certificate containing either hostname or IP address but not both. IP address value should go to "subject alternative name" field in the certificate, and to generate certificate with this field, Java 7 keytool utility is needed. As appliance contains Java version 6 (and I don't want to modify it), then I just download keystore file on local machine containing Java 7, do certificate modification and upload keystore file back.


Should work. Smiley Happy

0 Kudos