Stockente
Contributor
Contributor

Error while generating CSR

Hello,

i want to replace the preinstalled vcenter certificates against ones which are signed from our internal CA.

I used this kb article to get the csr:

Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority (...

Unfortunately i cannot finish the request because i always get the following error:

2016-10-18T09:06:52.170Z ERROR certificate-manager Error while generating CSR

2016-10-18T09:06:52.170Z ERROR certificate-manager {

    "resolution": null,

    "detail": [

        {

            "args": [

                "Command: ['/usr/lib/vmware-vmca/bin/certool', '--gencsr', '--privkey', '/tmp/vmca_issued_key.key', '--pubkey', '/tmp/pubkey.pub', '--config', '/var/tmp/vmware/certool.cfg', '--csrfile', '/tmp/vmca_issued_csr.csr']\nStderr: "

            ],

            "id": "install.ciscommon.command.errinvoke",

            "localized": "An error occurred while invoking external command : 'Command: ['/usr/lib/vmware-vmca/bin/certool', '--gencsr', '--privkey', '/tmp/vmca_issued_key.key', '--pubkey', '/tmp/pubkey.pub', '--config', '/var/tmp/vmware/certool.cfg', '--csrfile', '/tmp/vmca_issued_csr.csr']\nStderr: '",

            "translatable": "An error occurred while invoking external command : '%(0)s'"

        },

        "Error in generating CSR"

    ],

    "componentKey": null,

    "problemId": null

}

Where is my fault?

0 Kudos
4 Replies
Mattallford
Hot Shot
Hot Shot

‌Which version of vCenter are you running?

Is there any additional information in the following log?

C:\ProgramData\VMware\vCenterServer\logs\vmca\certificate-manager.log

/var/log/vmware/vmcad/certificate-manager.log

VCP6-DCV | VCAP6-DCV Deploy @mattallford If you found my answers useful, please help me by marking them as Helpful or Correct!
0 Kudos
abhilashhb
VMware Employee
VMware Employee

Are you using the command prompt in elevated mode? Also, try running it using powershell.

I have a blog posts series on this which you can refer.

Replacing default certificates in vSphere 6 - Part 1 - vPirate

http://vpirate.in/2016/06/15/replacing-default-certificates-vsphere-6-part-2/

http://vpirate.in/2016/06/28/replacing-default-certificates-in-vsphere-6-part-3/

http://vpirate.in/2016/08/02/replacing-default-certificates-in-vsphere-6-part-4/

------------------------------------------------------------------------------------------------------------------------------------ If you find this or any other answer useful please mark the answer as correct or helpful. Abhilash B | Blog : http://vpirate.in | Twitter : @abhilashhb | LinkedIn : https://www.linkedin.com/in/abhilashhb/ |
0 Kudos
Stockente
Contributor
Contributor

Its VMWare vCenter Server Appliance 6.0.0.200000

Here is the complete log:

0 Kudos
Stockente
Contributor
Contributor

I am using putty because vcenter is running as linux appliance.

0 Kudos