VMware Cloud Community
GeeMan9
Contributor

Can I renew a Machine SSL certificate without reconfiguring a new certool.cfg file?

I have an expired Machine SSL certificate, and a Solution User Certificate entitled 'WCP', within my vCenter 7.0 VMware Essentials build. I need assistance in choosing the least obtrusive options within the VMware 'Certificate Manager'. I attempted to update my Machine SSL with Option 3 and received the following: Error: The following solution user certificates are expired [wcp]. Solution: Please use Option 8 from the Certificate-manager utility menu to reset the certificates.

Here is the issue:

I don't remember how I started the initial build that created the original certool.cfg file. The Certificate-Manager asks to use or recreate the certool.cfg file. I fear if I answer the questions wrong during the reconfiguration, I will end up digging my hole deeper. I have attempted to view the contents of the original certool.cfg file, only to see what appears to be a default template with no custom entries.

Can I get away with just using what has been created in the past without making incorrect entries?

 

If I were to opt to reconfigure the certool.cfg file, these are the prompted questions:

Please configure certool.cfg with proper values before proceeding to next step.

Please enter value for 'Country' (Default value: US) :

Please enter value for 'Name' (Default value: CA) :

Please enter value for 'Organization (Default value: VMware) :

Please enter value for 'OrgUnit' (Default value: VMware Engineering) :

Please enter value for 'State' (Default value: California) :

Please enter value for 'Locality' (Default value: Palo Alto) :

Please enter value for 'IPAddress' (Optional) :

Please enter value for 'email' (Default value: email@acme.com) :

Please enter value for 'Hostname' (Enter valid Fully Qualified Domain Name) :

Please enter value for VMCA 'Name' 

 

I attempted to bypass the reconfiguration of the certool.cfg file, avoiding the above questions, and ended up receiving the following options during my selection of option 8:

 

Do you wish to generate all certificates using configuration file: Option [Y/N] ?

Certool.cfg file exists, Do you wish to reconfigure: Option [Y/N] ?

You are going to reset by regenerating Root Certificate and replace all certificates using VMCA continue operation: Option [Y/N] ?

 

Not sure how to answer the above questions. Any help or advice would be greatly appreciated.

 

3 Replies
scott28tt
VMware Employee

As your post needs moving to the area for vSphere, I have reported it to the volunteer moderators.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity).
maksym007
Expert

Theoretically possible - but I am afraid it still will cause some problems.

Better not to risk

GeeMan9
Contributor

Prior to receiving any response, at that moment, I went ahead with option 8 w/in the command line of Certificate Manager for my vCenter Server 7.0.

I answered the following questions:

Do you wish to generate all certificates using configuration file: Option [Y/N]? Y

certool.cfg file exists, Do you wish to reconfigure: Option [Y/N]?: N

You are going to reset by regenerating Root Certificate and replace all certificates using VMCA Continue operation: Option [Y/N]?: Y

I received the following error message:

805Z ERROR certificate-manager 'lstool reregister' failed: 1

806Z ERROR certificate-manager please see /var/log/vmware/vmcad/certificate-manager.log for more information

Viewing the log file, it appears that the renewal of the outstanding Machine SSL Certificate was successful, yet certificate-manager did not finish the process. In fact, there were no errors or failures except for what I have written above. I feel like I'm getting close to resolving my issue and regaining web access to my vCenter Server.

I researched the above issue and discovered an option to edit a python help file, which of course requires some knowledge in editing a Python file. Before I dive into this, can anybody shed some light on my situation and point me in the right direction?

Thank you

 
