VMware Cloud Community
cemago
Contributor

Machine SSL Certificate about to expire

Hi,

I am looking for some help since I am new to vSphere certificates. We have vSphere 7.0. The current Machine SSL Certificate has been working for the last 2 years, but it is about to expire. I tried to renew it from vSphere, but I got an error saying "invalid input certificate: DNS in Subject Alternative Name is not correct. DNS Name must contain machine FQDN".

The VCA hostname is localhost, and the local host name is the IP address of the vCenter server (192.168.42.24). That is how it was configured by default and the Machine SSL Certificate worked fine.

We do not have a Domain Server and I have been told that the vCenter cannot belong to any domain. Does anyone know how I can renew the certificate without having to make any DNS or FQDN changes? 

I have been searching, but I am totally lost as to what I can do.

Regards,

Cesar

0 Kudos
2 Replies
Arniczek
Contributor

Did you resolve your problem?

Same situation here.

0 Kudos
Lalegre
Virtuoso

Hello @cemago ,

This is basically wrong from scratch, because vSphere 7 relies 100% on name resolution, meaning that the IP should be resolvable to an FQDN; it does not need to be joined to a domain, but it does need to have a DNS record.

The error you are receiving is because of that, and what you should do first is update the vCenter "localhost" to a proper FQDN by changing the PNID: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenter.configuration.doc/GUID-F46D...

Once you do that, a new certificate will be created, but it will be self-signed. If you later want to change it to a custom one, you can follow the same procedure to generate a new Machine SSL.

 

0 Kudos
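
A pre-flight check for the condition described in the reply above, added here as an example; it is not part of the original thread and is not VMware's validation code. It assumes a made-up host name (`vcsa.lab.example`), hypothetical function names, and a SAN line in the format printed by `openssl x509 -noout -ext subjectAltName`.

```python
import ipaddress
import socket

def parse_san_dns(san_line):
    """Return lowercase DNS names from an openssl-style SAN line."""
    names = []
    for item in san_line.split(","):
        kind, _, value = item.strip().partition(":")
        if kind == "DNS":
            names.append(value.lower().rstrip("."))
    return names

def is_fqdn(name):
    """True for a dotted host name; False for IP literals and bare names."""
    try:
        ipaddress.ip_address(name)
        return False
    except ValueError:
        labels = name.rstrip(".").split(".")
        return len(labels) >= 2 and all(labels)

def _reverse(ip):
    # Default reverse resolver: PTR lookup through the system resolver.
    return socket.gethostbyaddr(ip)[0]

def precheck(pnid, ip, san_line, forward=socket.gethostbyname, reverse=_reverse):
    """Return a list of problems; an empty list means the checks passed."""
    want = pnid.lower().rstrip(".")
    problems = []
    if not is_fqdn(pnid):
        problems.append("PNID is not an FQDN")
    if want not in parse_san_dns(san_line):
        problems.append("SAN has no DNS entry for the PNID")
    try:
        if forward(pnid) != ip:
            problems.append("forward lookup does not return the expected IP")
    except OSError:
        problems.append("forward lookup failed")
    try:
        if reverse(ip).lower().rstrip(".") != want:
            problems.append("reverse lookup does not return the PNID")
    except OSError:
        problems.append("reverse lookup failed")
    return problems

if __name__ == "__main__":
    # Constructed sample: host name and SAN line are made up for illustration.
    san = "DNS:vcsa.lab.example, IP Address:192.168.42.24"
    for issue in precheck("vcsa.lab.example", "192.168.42.24", san):
        print("FAIL:", issue)
```

The `forward` and `reverse` parameters accept stand-in resolvers, so the planned name and IP can be checked against intended DNS records before those records exist.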