LukeLegend
Contributor

Generating a certificate request to get the PSC to act as an intermediary CA results in an error (vSphere 6.5)

I'm currently trying to generate a certificate request so I can go through the process of getting our PSC set up as an intermediary CA.

After logging into the PSC as administrator@vsphere.local via SSH, running the ./certificate-manager tool and selecting option "2", I get the following errors. I believe I should be getting prompted to confirm my credentials instead. Any ideas ...

 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|                                                                     |
|      *** Welcome to the vSphere 6.0 Certificate Manager  ***        |
|                                                                     |
|                   -- Select Operation --                            |
|                                                                     |
|      1. Replace Machine SSL certificate with Custom Certificate     |
|                                                                     |
|      2. Replace VMCA Root certificate with Custom Signing           |
|         Certificate and replace all Certificates                    |
|                                                                     |
|      3. Replace Machine SSL certificate with VMCA Certificate       |
|                                                                     |
|      4. Regenerate a new VMCA Root Certificate and                  |
|         replace all certificates                                    |
|                                                                     |
|      5. Replace Solution user certificates with                     |
|         Custom Certificate                                          |
|                                                                     |
|      6. Replace Solution user certificates with VMCA certificates   |
|                                                                     |
|      7. Revert last performed operation by re-publishing old        |
|         certificates                                                |
|                                                                     |
|      8. Reset all Certificates                                      |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|

Note : Use Ctrl-D to exit.

Option[1 to 8]: 2

Traceback (most recent call last):
  File "./certificate-manager", line 716, in <module>
    exit(main())
  File "./certificate-manager", line 710, in main
    parse_arguments()
  File "./certificate-manager", line 689, in parse_arguments
    initialize_ops()
  File "/usr/lib/vmware/site-packages/cis/certificateManagerUtils.py", line 72, in initialize_ops
    setupLogging('certificate-manager', logMechanism='file', logDir=logDir)
  File "/usr/lib/vmware/site-packages/cis/utils.py", line 122, in __init__
    rotate_bytes=rotate_bytes, rotate_count=rotate_count)
  File "/usr/lib/vmware/site-packages/cis/utils.py", line 154, in _setupFileLogging
    fileHandler = logging.FileHandler(logFile)
  File "/usr/lib/python2.7/logging/__init__.py", line 913, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib/python2.7/logging/__init__.py", line 943, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/var/log/vmware/vmcad/certificate-manager.log'

nobody@pvsvr0064 [ /usr/lib/vmware-vmca/bin ]$ timed out waiting for input: auto-logout

Command>

0 Kudos
1 Reply
planetshoots
Contributor

Hi

Log in as root and try the ./certificate-manager tool. It will ask for admin credentials, where you have to enter the administrator@vsphere.local credentials.

0 Kudos