Hello,
i want to replace the preinstalled vcenter certificates against ones which are signed from our internal CA.
I used this kb article to get the csr:
Unfortunately i cannot finish the request because i always get the following error:
2016-10-18T09:06:52.170Z ERROR certificate-manager Error while generating CSR
2016-10-18T09:06:52.170Z ERROR certificate-manager {
"resolution": null,
"detail": [
{
"args": [
"Command: ['/usr/lib/vmware-vmca/bin/certool', '--gencsr', '--privkey', '/tmp/vmca_issued_key.key', '--pubkey', '/tmp/pubkey.pub', '--config', '/var/tmp/vmware/certool.cfg', '--csrfile', '/tmp/vmca_issued_csr.csr']\nStderr: "
],
"id": "install.ciscommon.command.errinvoke",
"localized": "An error occurred while invoking external command : 'Command: ['/usr/lib/vmware-vmca/bin/certool', '--gencsr', '--privkey', '/tmp/vmca_issued_key.key', '--pubkey', '/tmp/pubkey.pub', '--config', '/var/tmp/vmware/certool.cfg', '--csrfile', '/tmp/vmca_issued_csr.csr']\nStderr: '",
"translatable": "An error occurred while invoking external command : '%(0)s'"
},
"Error in generating CSR"
],
"componentKey": null,
"problemId": null
}
Where is my fault?
Which version of vCenter are you running?
Is there any additional information in the following log?
C:\ProgramData\VMware\vCenterServer\logs\vmca\certificate-manager.log
/var/log/vmware/vmcad/certificate-manager.log
Are you using the command prompt in elevated mode? Also, try running it using powershell.
I have a blog posts series on this which you can refer.
Replacing default certificates in vSphere 6 - Part 1 - vPirate
http://vpirate.in/2016/06/15/replacing-default-certificates-vsphere-6-part-2/
http://vpirate.in/2016/06/28/replacing-default-certificates-in-vsphere-6-part-3/
http://vpirate.in/2016/08/02/replacing-default-certificates-in-vsphere-6-part-4/
I am using putty because vcenter is running as linux appliance.