Solved: Re: SHA2-256 Certificates for vSphere/vCenter 6.5

thomasburge · ‎05-22-2017

So the VMware KBs aren't very good on this and I am having zero luck.

This is my setup:

Windows 2012R2 DCs and CAs

CA has SHA2-256 2048 key

vCenter 6.5d

Created multiple templates to test:

2003/2003

2008/2008

2008/2003

2012/2003

2012/2008

Everything is great and amazing on my PSCs. I'm trying to do load balanced PSCs behind a Netscaler FYI.

Also everything is 6.5 appliances.

I install and configure VC and everything is going great until I load up the web-client.

BOOM:

A server error occurred.

[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - Unable to initialize, java.io.IOException: extra data given to DerValue constructor.

Check the vSphere Client server logs for details.

Now everything I have read is that this is something to do with a problem decoding the certificate, but I have no idea what else to do.

All of the endpoints are configured correctly as far as I can tell.

thomasburge · ‎05-23-2017

I actually resolved this myself. After opening a ticket with VMware, I figured it out on my own by reading multiple posts

The VMware KB for creating a template is wrong for SHA2 and it is missing a few things. I have documented these in this blog post:

https://vcpgeek.com/2017/05/22/configure-microsoft-ca-templates-for-vmware-with-sha2-256/

View solution in original post

thomasburge · ‎05-23-2017

I actually resolved this myself. After opening a ticket with VMware, I figured it out on my own by reading multiple posts

The VMware KB for creating a template is wrong for SHA2 and it is missing a few things. I have documented these in this blog post:

https://vcpgeek.com/2017/05/22/configure-microsoft-ca-templates-for-vmware-with-sha2-256/