VMware Cloud Community
zenariga
Enthusiast

SSL automation tool is not loading advanced configurations

Hello everyone,

I'm trying to load a new SSL certificate on my vCenter server (Virtual Center 5.1 u1b). I already requested the certificate and created all the files needed, and I'm trying to load it on my environment.

My vCenter server doesn't have the same name as the certificate; we use an alias to make the workstation connection to the VDI environment more user friendly.

That is my issue: when I try to add the new certificate I receive the message below:

[.] ERROR: The leaf certificate doesn't have any CN or subjectAltName that matches the public address of the current machine. Rejecting the chain. To skip this check, set the `ssl_tool_no_cert_san_check' environment variable to 1.

[.] ERROR: The supplied certificate chain is not valid.


OK, I went to the config file and edited it. I enabled ssl_tool_no_cert_san_check with the value 1 and restarted the tool.

As soon as the Automation tool starts, the message below appears:


F:\SSLAutomationTool1.0.1>ssl-updater.bat

'ssl_tool_no_cert_san_check' is not recognized as an internal or external command, operable program or batch file.


So the parameter that I need is not being loaded.

Does anyone know how I can solve that?

Thanks


Accepted Solutions
zenariga
Enthusiast

Hello Frank, I'm not the owner of the certificate creation process.

The company that I work for requests Symantec Verizon certificates and each additional DNS is charged. So only one name is added to the certificate. :smileysilly:

Regarding the issue, I added the line in bold below to the file ssl-updater.bat

:updateVC_SSL
rem Added line: skips the CN/subjectAltName check for this run of the tool
set ssl_tool_no_cert_san_check=1
call :echoAndLog "The services that are restarted as a part of this operation are: VMware VirtualCenter Server, VMware VirtualCenter Management Webservices and VMware vSphere Profile-Driven Storage Service."
call "%~dp0tools\read-params.bat" -vc
call:validateCertificateChainFully "%vc_cert_chain:"=%" "%vc_private_key:"=%"

Thanks

admin
Immortal

Yes, use the correct syntax in the batch file; you seem to have a typo there, as all it does is set an environment variable.

Why did you not include the DNS alias in the subject alternate name field of the certificate? The way to force the certificate in will still produce certificate warnings for your end users.
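
A pre-flight check in the spirit of the error quoted in this thread, as an added example that is not part of the original posts or of the SSL Automation Tool: it reads `openssl x509 -noout -text` output and reports which of the names in use (machine FQDN, alias) the certificate's CN or SAN entries cover. The host names and the certificate text are constructed samples, and the function names are hypothetical; how the tool itself matches names is not shown on the page.

```python
import re

# Constructed sample: excerpt of `openssl x509 -noout -text` output for a
# certificate issued for the alias only (hypothetical names).
SAMPLE_TEXT = """\
        Subject: C=US, O=Example Corp, CN=vdi.example.com
            X509v3 Subject Alternative Name:
                DNS:vdi.example.com
"""

def cert_names(text):
    """Return (common_name, [SAN DNS names]) parsed from openssl text output."""
    cn = re.search(r"Subject:.*?\bCN\s*=\s*([^,/\n]+)", text)
    san = re.search(r"Subject Alternative Name:[^\n]*\n\s*(.+)", text)
    dns = re.findall(r"DNS:([^,\s]+)", san.group(1)) if san else []
    return (cn.group(1).strip() if cn else None), dns

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage(text, hosts):
    """Map each host to the certificate name that covers it, or None."""
    cn, dns = cert_names(text)
    # Assumption: accept CN or any SAN DNS entry, following the wording
    # of the tool's error message.
    names = dns + ([cn] if cn else [])
    return {h: next((n for n in names if name_matches(n, h)), None) for h in hosts}

if __name__ == "__main__":
    hosts = ["vdi.example.com", "vcenter01.corp.example.com"]
    for host, hit in coverage(SAMPLE_TEXT, hosts).items():
        print(f"{host}: {'covered by ' + hit if hit else 'NOT covered'}")
```

A name reported as not covered is one for which the chain would be rejected without the override, and for which clients connecting by that name would still see a certificate warning.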
