Hi,
As stated in the release notes for the last version
http://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510a-release-notes.html
I ran into the problem described by the note:
Updated When you click Log Browser in the vSphere Web Client, an Unauthorized Access error appears
When you click the Log Browser link in the vSphere Web Client, an error message appears: Exception: https://<system-address>:12443/vmwb/logbrowser: Unauthorized access.This error occurs after you replace the default vCenter Single Sign On server's SSL certificate, either directly or by regenerating the certificate in the vCenter Server Appliance.
I tried following the kb 2037927 but I'm just not able to make it work. I also think to have seen almost every article out there but I'm still not able to find the solution.
Following the official solution, this is what happens to me.
First error is when trying to do this:
openssl pkcs12 -export -in rui.crt -inkey rui.key -certfile carootcert.cer -name "rui" -passout pass:testpassword -out rui.pfx
kb doesn't say where rui.crt is located, no "locate" command but I managed to find it any way under /etc/vmware-vpx/ssl. After running the command, I receive this error:
Same problem... Does anyone has complete resolution list of steps?
I think the location would be /usr/lib/vmware-logbrowser/conf and instead of using carootcert.cer in the above command, it would be rui-ca-cert.pem(This is assuming you have generated self signed certs). If these are custom certs, you can try copying the root cert to this location and trying out the command.
Regards
Girish
Hi! Yes it's possible to use cacert.pem file from ...logbrowser/conf/ directory and final rui.jks file will be added successfully, but the initial problem will stay...
Did you restart the vmware-logbrowser and the vsphere-client services?
Regards
Girish
Of course. Once the new chain was accepted the message appeared, which suggested to restart services . I restart all services as it described in 2037927
Hmm...in your logbrowser.properties file, what is the value for this entry "sso-certs"?
Try pointing it to the SSO cert located in /etc/ssl/certs/Embedded-SSO-Server-Root-CA.pem
So now it should be:
sso-certs=/etc/ssl/certs/Embedded-SSO-Server-Root-CA.pem
and then restart logbrowser service.
Regards
Girish
Hi! In my case vCenter is not appliance, so now I have this in 'logbrowser.properties':
'sso-certs=%PROGRAMDATA%/VMware/SSL/ca_certificates.crt'
looks like you've suggested something like this or not?