Hi everyone
I have vCenter 7.0.3.00700 and want to replace the SSL certificate. I generated a CSR from vCenter. After I got a new certificate, in the "Replace vCenter Server certificate" section I chose "Replace with external CA certificate where CSR is generated from vCenter Server (private key embedded)", and after importing the SSL certificate and chain of trust, I faced an error. I attached the picture, please help me.
Thanks
Please check whether the PNID value is mismatched. It could be one of the reasons for the cert failure.
To check the current value:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
To update the value:
/usr/lib/vmware-vmafd/bin/vmafd-cli set-pnid --server-name localhost --pnid <pnid>
I ran your command and after that, the error changed.
The new error is "Error occurred while fetching tls: the trustAnchors parameter must be non-empty"
Please follow this thread:
https://communities.vmware.com/t5/VMware-vSphere-Discussions/Certificate-Management/td-p/2840115
Hello,
This error can occur due to the algorithm used to sign the CSR using SHA1, which is not supported.
More details: https://kb.vmware.com/s/article/2112277?lang=en_us
Regards
Harry
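Added example (not part of the original replies): a shell pre-check that combines the two suggestions above, the PNID comparison and the SHA1 signature check, run against the text dump of the new certificate. It assumes that a PNID "mismatch" means the PNID is missing from the certificate's subjectAltName; the function names, host names and sample dump are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads the text dump from `openssl x509 -noout -text -in CERT`
# (or `openssl req -noout -text -in CSR`) on stdin.

# Print the first signature algorithm named in the dump.
sig_alg() { awk -F': *' '/Signature Algorithm:/ {print $2; exit}'; }

# Succeed if the algorithm name is missing, or SHA-1 or MD5 based.
is_weak_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        ""|*sha1*|*md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if $1 appears as a DNS or IP entry in the subjectAltName.
san_has() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    grep -A1 'Subject Alternative Name' | tr ',' '\n' \
        | tr '[:upper:]' '[:lower:]' \
        | sed -E -n 's/^ *(dns|ip address):([^ ]*) *$/\2/p' \
        | grep -Fxq -- "$want"
}

# check_cert_dump PNID: print findings, return 0 only if both checks pass.
check_cert_dump() {
    pnid=$1; dump=$(cat); rc=0
    alg=$(printf '%s\n' "$dump" | sig_alg)
    if is_weak_alg "$alg"; then echo "FAIL signature algorithm: $alg"; rc=1
    else echo "OK   signature algorithm: $alg"; fi
    if printf '%s\n' "$dump" | san_has "$pnid"; then
        echo "OK   PNID $pnid is in the SAN"
    else
        echo "FAIL PNID $pnid is not in the SAN"; rc=1
    fi
    return $rc
}

# Constructed sample dumps (host names and addresses are made up).
SAMPLE_SHA1='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject: CN=vc01.example.test
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:vc01.example.test, DNS:vc01, IP Address:192.0.2.10'
SAMPLE_SHA256=$(printf '%s\n' "$SAMPLE_SHA1" | sed 's/sha1With/sha256With/')

printf '%s\n' "$SAMPLE_SHA1"   | check_cert_dump vc01.example.test || true
printf '%s\n' "$SAMPLE_SHA256" | check_cert_dump vc01.example.test || true
```

On the appliance, pipe the `openssl x509 -noout -text` dump of the signed certificate into `check_cert_dump` together with the value printed by the `get-pnid` command above. The name match does not inspect the hash inside an RSASSA-PSS signature, so check that case by eye.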
Does it apply to me, who uses an external certification authority?
I'm using an external CA.
But I'm doing that with:
/usr/lib/vmware-vmca/bin/certificate-manager
More transparent than the GUI
1 -> Enter (Replace Machine SSL certificate with Custom Certificate)
Username -> Enter
Password -> Enter
1 -> Enter (Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate)
Cheers
Yes, it will apply to anyone who is using an external CA. You can also check whether the CSR was not generated through vCenter. Some public CAs also generate the private key along with the certificate and the chain.