VMware Cloud Community
robinsonjl3
Enthusiast

Possible Certificate Issue

I have a strange problem that I have been working on all day and just don't know what else to do.

I migrated my internal CA to 2016 server which required me to update my certs for vSphere.  I went through the steps and thought all was good until I tried to SSH into the VMCA.  I kept getting Access Denied errors when logging in with the root account.  It eventually locked the account and I found steps to unlock it and I even tried resetting the password.

Now here is what is strange.  All of my hosts and vCenter show the correct certificate in my browser.  Even the PSC URL is good (https://vmca.domain.com/psc).  I am able to login all fine and dandy.  However, if I go to https://vmca.domain.com:5480 it shows the certificate from my old 2012 CA which is no longer online and I cannot login.  But if I go to https://vmca:5480 I can login but the certificate is still wrong.

I also cannot access the VMCA with WinSCP, keeps giving me authentication errors.  I cannot SSH into it with my root account, just keeps saying Access Denied.  I can SSH with my administrator@vsphere.local account but I can't do a whole lot.

So what I want to do is reset everything back to self-signed certs and go through the process again but cannot get anywhere.  Hoping someone has some ideas for me to try.  Any help would be appreciated.

Thanks.


Accepted Solutions
msripada
Virtuoso

Port 5480 is the VAMI page.

Note: Ensure you take a vCenter/PSC snapshot before trying any steps.

Can you try the steps in the KB?

VMware Knowledge Base

Thanks,

MS

robinsonjl3
Enthusiast

I resolved my Access Denied error when trying to SSH into vCenter by following this article:

VMware Knowledge Base

In my case I had set it to /bin/bash/ instead of /bin/bash

But I still have the certificate issue when attempting to get to https://vcsa.domain.com:5480.  It gives me an invalid certificate error and I cannot login.  But if I go to https://vcsa:5480 I can login and see that my certificate is still from my old CA.  Would like to fix this as it is bugging me.  Any ideas are welcome.

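Added example, not part of the original posts: a check that catches the kind of typo described above before it locks an account out of SSH. It assumes the value set to /bin/bash/ was root's login shell in a passwd-format file; check_login_shells is a hypothetical helper name and the file contents are constructed sample data.

```shell
#!/bin/sh
# check_login_shells PASSWD_FILE SHELLS_FILE
# Reports accounts whose login shell (7th passwd field) ends in a slash or is
# not listed in SHELLS_FILE (same format as /etc/shells). Returns 1 if any
# problem is found, 0 otherwise.
check_login_shells() {
    awk -F: '
        # First file: collect the allowed shells, skipping comments and blanks.
        FILENAME == ARGV[1] { if ($0 !~ /^[ \t]*(#|$)/) valid[$0] = 1; next }
        /^[ \t]*(#|$)/ { next }
        NF != 7 { printf "%s: malformed entry, expected 7 fields\n", $1; bad = 1; next }
        $7 == "" { next }    # empty field means the system default shell
        $7 ~ /\/$/ {
            # "/bin/bash/" is not a regular executable file, so sshd rejects the login.
            printf "%s: login shell \"%s\" ends in a slash\n", $1, $7; bad = 1; next
        }
        !($7 in valid) {
            printf "%s: login shell \"%s\" is not listed in %s\n", $1, $7, ARGV[1]; bad = 1
        }
        END { exit bad }
    ' "$2" "$1"
}

# Constructed sample data (not taken from the appliance in this thread).
demo=$(mktemp -d)
printf '%s\n' '# allowed shells' /bin/sh /bin/bash /bin/appliancesh > "$demo/shells"
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash/' \
    'backup:x:1001:100::/home/backup:/bin/bash' > "$demo/passwd"
check_login_shells "$demo/passwd" "$demo/shells" ||
    echo "correct the entries above before closing your current session"
rm -rf "$demo"
```

On a live system the arguments would be /etc/passwd and /etc/shells, run from a session that is still logged in.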
robinsonjl3
Enthusiast

Thank you so much, worked like a champ.
