Re: vCenter 5.5 Certificates

hypnoticautopsy · ‎11-21-2016

Has anyone successfully replaced any of the vCenter certificates?? I've spoken to, and searched everything about replacing these default certificates short of diving down into the Abyss looking for those aliens, and have come up short. The tool VMware released doesn't exactly work, however I finally got it to accept my PEM file by manually creating it. I think I'm 1 step away from having a victory but I keep running into this error: "Cannot validate the lookup service connection: 3" What in the world does that mean? Some blogs say its a faulty password... not my issue, my passwords good, some say check the SSO service... my SSO service is good, I can log in the web client no issues, I can manage my vcenter instance no problem... so my questions are:

1) Has anyone ever replaced those default certs, that is for vcenter, web-client, inventory service, sso, ect..??

2) If you did, please let everyone else know how you did it

3) What could be the issue with this lookup service connection that when attempting to use the VMware released tool, it is unable to validate?

I'm at a total loss, and given I need to replace these certs due to DoD requirements... it's pretty high on the radar.

Any help would be GREATLY appreciated...

pradeepjigalur · ‎11-21-2016

following kb may help:

a.if ur using windows vCenter:

Implementing CA signed SSL certificates with vSphere 5.x (2034833) | VMware KB‌

b.if ur using appliance vCenter:

Creating certificate requests and certificates for vCenter Server 5.5 components (2061934) | VMware ...

hypnoticautopsy · ‎11-22-2016

Thanks,

I'm using the automated tool, but ran into problems... when trouble shooting, I came across some cli commands cause when attempting to replace the certificate for vcenter I get the error message stating the lookup service connection could not be validated. Many searches later, came across this command:

ssolscli.cmd listServices https://ssoserver.domain.com:7444/lookupservice/sdk

Running this command gave me the list of services, I had 6 which were listed... following on, the instructions basically lead me to a path of unregistering the vcenter server from the lookup service by running this command:

ssolscli unregisterSolution -d https://ssoserver.domain.com:7444/lookupservice/sdk -u admin@system-domain -p password -su vCenterServer_YYYY.MM.MM_######

When I run this command, I get an error output of:

Unexpected status code: 404

Return code is: ServiceNotResponding

2

This just put me back to the original issue; the lookup service connection could not be validated. I'm at the end of my knowledge here.. I think the best option vs committing more hours looking for a solution, is to blow the vcenter server away, and start clean..

All

vCenter 5.5 Certificates