VMware Cloud Community
webdude2000
Contributor
Contributor
‎06-18-2019 11:45 PM

vCAV 3.0 & vCD 9.7 Initial Setup Cert issue

I have most of the environment on self gen certs except for the VCD cells which are on a proper SSL public wildcard cert.

When I run the Initial Setup from vCloud Availability on step 3. vCloud Director, when I enter the URL and VCD administrator@system with the password I use to log in, it gives an error:

Could not find SSL/X509 certificate from "https://my-vcd-url/api" (I changed the URL name for this post)

I thought perhaps the vCAV needed the cert imported, so I then imported the cert under https://url:8441 backend.

Note, I don't have the vCAV setup setup on DNS for the public name, merely internal DNS.

So I am not sure if I needed to import the wildcard cert and if I did, it stands to reason that like with the VCD setup , I need to change to the respective domain name for each vCAV appliance.

Anyone seen this issue?

Reply
3 Replies
Jauneorange972
Enthusiast
Enthusiast
‎06-19-2019 04:46 AM

Hi,

Take a lot on this KB VMware Knowledge Base , the wildcard need to be imported on the management appliance (not the tunnel appliance, i made this error) by away i don't understand why but it works.

The hostname on the management appliance must correspond to the public FQDN without the suffixe dns.

And after all these modification you need to restart services and check all are green on system monitoring.

Best regards

Reply
0 Kudos
KFM
Enthusiast
Enthusiast
‎12-12-2019 10:04 PM

To be clear, the hostname on the actual management appliance does not need to be the same as the public FQDN. In our environment we use our internal naming scheme to assign hostnames to the appliances and everything works fine from the Internet.

The trickiest thing I've found with vCAv is DNS resolution (depending if you're using split DNS) and the firewall rules depending if you deploy the components in the VMware recommended zones (trusted for all components except for the Tunnel which lives in the DMZ).

To the OP - are you still experiencing issues with your deployment?

Reply
paluszekd
VMware Employee
VMware Employee
‎12-13-2019 05:30 AM

1. You can utilize a wildcard cert for the CRM, but it MUST be unique between cloud sites.

2. DNS resolution is imperative for pairing to VCD - especially the communication path. Ensure the vCAv CRM has the proper route to the VCD instance for pairing.

-Daniel

Reply
0 Kudos