VMware Cloud Community
thiag2011
Enthusiast
Enthusiast

Vcenter certificate to be renewed

Hi all,

Vcenter certificate is about to expire in a month.

I browsed net on the procedure to renew the certificate.

I see multiple solutions, starting from just renaming the SSL folder, following a very big procedure.

So could anyone give clear picture on what has to be done to renew my vcenter and its components license.

Thanks in advance.

Reply
0 Kudos
6 Replies
schepp
Leadership
Leadership

Hi,

it heaviliy depends on which installation you use (Windows vCenter server or the vCenter server appliance?)

and which version you use. The replacement procedures changed alot in the different versions.

Also did you replace the default certificates or are the default installed certs about to expire?

Tim

Reply
0 Kudos
thiag2011
Enthusiast
Enthusiast

Hi Tim,

My vcenter version : 5.1 Update 3.

Its a vcenter server hosted in windows 2008

Also did you replace the default certificates or are the default installed certs about to expire?

My company name was mentioned as issuer, so it should not be a default certificate isnt.

     Is there a way to confirm on this.


Thanks


Reply
0 Kudos
schepp
Leadership
Leadership

If your company name is in it it's not the default :winking_face:

So for windows version 5.1 you can follow this guide:

VMware KB: Configuring CA signed certificates for vCenter Server 5.1

So talk to your cert admin how to generate new certs, if you sign them yourself in your company or if you use CA signed certs ( you could also check by whom your old cert is signed )

Tim

Reply
0 Kudos
SavkoorSuhas
Expert
Expert

Replace certificates for 4.0, 5.0, 5.1, 5.5

VMware vCenter SSL Certificate 101

Suhas

If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points.

Don't Backup. Go Forward!
Rubrik

Reply
0 Kudos
thiag2011
Enthusiast
Enthusiast

Hi all,

After getting my access to generate new SSL certificate, I tried to create it but got the below error.

I have no clue on this. Can anyone help please.

=================

File Not Found

Could Not Find C:\Temp\OpenSSL\<servername>\SSL\Blob*.*

Could Not Find C:\Temp\OpenSSL\<servername>\SSL\Cert.P7B

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

............+++

.....................+++

writing new private key to '.\<servername>\Inventory\rui-orig.key'

-----

writing RSA key

Certificate Request Processor: The RPC server is unavailable. 0x800706ba (WIN32:

1722)

Loading 'screen' into random state - done

Error opening input file .\<servername>\Inventory\rui.crt

.\<servername>\Inventory\rui.crt: No such file or directory

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

...................................+++

................................................................................

.....................................+++

writing new private key to '.\<servername>\SSO\rui-orig.key'

-----

writing RSA key

Certificate Request Processor: The RPC server is unavailable. 0x800706ba (WIN32:

1722)

Loading 'screen' into random state - done

Error opening input file .\<servername>\SSO\rui.crt

.\<servername>\SSO\rui.crt: No such file or directory

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

...................................+++

........................................................+++

writing new private key to '.\<servername>\vCenter\rui-orig.key'

-----

writing RSA key

Certificate Request Processor: The RPC server is unavailable. 0x800706ba (WIN32:

1722)

Loading 'screen' into random state - done

Error opening input file .\<servername>\vCenter\rui.crt

.\<servername>\vCenter\rui.crt: No such file or directory

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

......................................................................+++

...............................+++

writing new private key to '.\<servername>\WebClient\rui-orig.key'

-----

writing RSA key

Certificate Request Processor: The RPC server is unavailable. 0x800706ba (WIN32:

1722)

Loading 'screen' into random state - done

Error opening input file .\<servername>\WebClient\rui.crt

.\<servername>\WebClient\rui.crt: No such file or directory

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

................................................................................

..+++

...........+++

writing new private key to '.\<servername>\LogBrowser\rui-orig.key'

-----

writing RSA key

Certificate Request Processor: The RPC server is unavailable. 0x800706ba (WIN32:

1722)

Loading 'screen' into random state - done

Error opening input file .\<servername>\LogBrowser\rui.crt

.\<servername>\LogBrowser\rui.crt: No such file or directory

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

.................................................+++

...........................+++

writing new private key to '.\<servername>\VUM\rui-orig.key'

-----

writing RSA key

Certificate Request Processor: The RPC server is unavailable. 0x800706ba (WIN32:

1722)

Loading 'screen' into random state - done

Error opening input file .\<servername>\VUM\rui.crt

.\<servername>\VUM\rui.crt: No such file or directory

============================================

Reply
0 Kudos
thiag2011
Enthusiast
Enthusiast

Hi Tim,

I have windows vcenter server 5.1 u3

I need to replace the custom generated certificate.not the default certificate.

The custom generated certificate is about to expire.

I followed the below KB

https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=...

and used the SSL automation tool.

Everything completed successfully. on opening the link https://vcentername:7444 , i get the new certificate,

But when i login using the vsphere client, i see only the old certificate.

I dont see any documentation for renewing a non expired certificate.

Could you please help.

Reply
0 Kudos