Hi everybody,
I need to put a custom SSL certificate on the VRNI UI platform appliance.
I have followed the procedure and I can see the .crt and .key files with the custom-cert input.
(cli) custom-cert list
vrni.crt
vrni.key
But it's like both files are not there.
(cli) custom-cert display
No file with .crt extension found
(cli) custom-cert apply
Failed to find cert file
The .key file is in RSA format and .crt in PKCS12.
Is there another prerequisite?
Patrice
Hi Patrice,
Could you tell me what documentation you followed?
Could you also print me the first lines of your key file? There was a known issue about the format of the key file which would cause vRNI not to validate.
Thank you!
Regards,
Kevin
Seems I have a similar issue
(cli) custom-cert apply
Failed to find key file
validation .. I used the same KB - 2148128
.key: ASCII text
.crt: PEM certificate
Hello @NXS_Devops,
Some questions:
1. Have you added the FQDN on the SAN and Common name?
2. Are the certificate and key Base64 encoded?
3. Does the certificate contain the full chain? Server -> IntermediateCA -> RootCA?
Have you followed this procedure: https://kb.vmware.com/s/article/2148128?
I was going to give up on this. I tried the official guide https://kb.vmware.com/s/article/2148128 and many other guides and still no joy; it still complained "Failed to find key file".
Found another guide at https://harrythambi.com/posts/vrni/2022-08-14-replacing-certificates-for-vmware-vrealize-network-ins... , it seems the difference is that there is a step to “fix” the headers in the key file, by running the following commands:
sed -i 's/-----BEGIN PRIVATE KEY-----/-----BEGIN RSA PRIVATE KEY-----/g' vrni_key.key
sed -i 's/-----END PRIVATE KEY-----/-----END RSA PRIVATE KEY-----/g' vrni_key.key
Before that fix, when I tested the key file with "file vrni_key.key" it was showing "ASCII text"; only after fixing the headers did it show "PEM RSA private key".
There seems to be a bug in certain versions of OpenSSL where the file type of an RSA private key shows as "ASCII text". The funny thing is that even when you generate the key in VRNI 6.10.0.1680883302 it still has this bug and the headers need to be fixed for the key to be valid.
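An added example, not part of any post in this thread: a shell preflight that reports which PEM encoding a key and certificate carry before they are uploaded, covering both the PKCS12 .crt from the first post and the "BEGIN PRIVATE KEY" header from the last one. The function names are hypothetical, the requirement for a "BEGIN RSA PRIVATE KEY" key is an assumption taken from the last post, and to_pkcs1 re-encodes the key with openssl rsa instead of editing the header text with sed.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for a PEM key/cert pair before upload.
# Assumption from the thread: the appliance wants a "BEGIN RSA PRIVATE KEY" key and a PEM cert.

# pem_kind FILE: print the encoding named by the first PEM header found in FILE.
pem_kind() {
    header=$(LC_ALL=C sed -n '/^-----BEGIN [A-Z0-9 ]*-----/{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa-key ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-key ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted-key ;;
        '-----BEGIN CERTIFICATE-----')           echo pem-certificate ;;
        '')                                      echo not-pem ;;   # binary (e.g. PKCS12), DER or missing
        *)                                       echo other-pem ;;
    esac
}

# to_pkcs1 IN OUT: re-encode an RSA key as PKCS#1 with openssl, so header and body agree.
# OpenSSL 3.x needs -traditional; older releases reject the flag and emit PKCS#1 by default.
to_pkcs1() {
    openssl rsa -traditional -in "$1" -out "$2" 2>/dev/null || openssl rsa -in "$1" -out "$2"
    [ "$(pem_kind "$2")" = pkcs1-rsa-key ]
}

# preflight KEY CERT: print one finding per file; return 0 only if both encodings fit.
preflight() {
    key_kind=$(pem_kind "$1"); cert_kind=$(pem_kind "$2"); rc=0
    echo "key:  $key_kind"
    echo "cert: $cert_kind"
    [ "$key_kind" = pkcs1-rsa-key ] || { echo "key: re-encode with to_pkcs1 first"; rc=1; }
    [ "$cert_kind" = pem-certificate ] || { echo "cert: export it as Base64 PEM first"; rc=1; }
    return "$rc"
}

# With two arguments, check those files; otherwise demo on constructed header-only samples.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
else
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$d/vrni.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/vrni.crt"
    preflight "$d/vrni.key" "$d/vrni.crt" || true
    rm -rf "$d"
fi
```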