I have an expired Machine SSL certificate, and a Solution User Certificate entitled ' WCP' within my vCenter 7.0 VMWare Essentials build. I need assistance in choosing the least obtrusive options within the VMWare 'Certificate Manager'. I attempted to update my Machine SSL with Option 3 and received the following: Error: The following solution user certificates are expired [wcp]. Solution: Please use Option 8 from the Certificate-manager utility menu to reset the certificates.
Here is the issue:
I don't remember how I started the initial build that created the original certool.cfg file. The Certificate-Manager asks to use/or recreate the certool.cfg file. I fear if I answer the questions wrong during the reconfiguration, I will end up digging my hole deeper. I have attempted to view the contents of the original certool.cfg file only to see what appears to be a default template - with no custom entries.
Can I get away with just using what has been created in the past without making incorrect entries?
If I were to opt to reconfigure the certool.cfg file, these are the prompted questions:
Please configure certool.cfg with proper values before proceeding to next step.
Please enter value for 'Country' (Default value: US) :
Please enter value for 'Name' (Default value: CA) :
Please enter value for 'Organization (Default value: VMware) :
Please enter value for 'OrgUnit' (Default value: VMware Engineering) :
Please enter value for 'State' (Default value: California) :
Please enter value for 'Locality' (Default value: Palo Alto) :
Please enter value for 'IPAddress' (Optional) :
Please enter value for 'email' (Default value: email@example.com) :
Please enter value for 'Hostname' (Enter valid Fully Qualified Domain Name) :
Please enter value for VMCA 'Name'
I attempted to bypass the reconfiguration of the certool.cfg file, avoiding the above questions and ended up receiving the following options, during my selection of option 8 :
Do you wish to generate all certificates using configuration file: Option [Y/N] ?
Certool.cfg file exists, Do you wish to reconfigure: Option [Y/N] ?
You are going to reset by regenerating Root Certificate and replace all certificates using VMCA continue operation: Option [Y/N] ?
Not sure how to answer the above questions. Any help/or advice would be greatly appreciated
As your post needs moving to the area for vSphere, I have reported it to the volunteer moderators.
Prior to receiving any response, at that moment, I went ahead with option 8 w/in the command line of Certificate Manager for my vCenter Server 7.0.
I answered the following questions:
Do you wish to generate all certificates using configuration file: Option [Y/N]? Y
certool.cfg file exists, Do you wish to reconfigure: Option [Y?N]?: N
You are going to reset by regenerating Root Certificate and replace all certificates using VMCA Continue operation: Option [Y/N]?: Y
I received the following error message:
805Z ERROR certificate-manager 'lstool reregister' failed: 1
806Z ERROR certificate-manager please see /var/log/vmware/vmcad/certificate-manager.log for more information
Viewing the log file, it appears that the renewal of the outstanding Machine SSL Certificate was successful, yet certificate-manager did not finish the process. If fact there were no errors/or failures accept for what I have written above. I feel like I'm getting close to resolving my issue, and regaining web access to my vCenter Server.
I researched the above issue and discovered an option to edit a python help file. Which of coarse requires some knowledge in edited a python file. Before I dive into this can anybody shed some light on my situation, and point me in the right direction?