Andr3201110141
Enthusiast

As it always goes, I made progress right after my last post.

After getting the error, it seems that the certificate is put in place, because if you browse to https://vcenter:7444/lookupservice/sdk, the correct certificate does appear. I then ran OpenSSL s_client to verify that the certificate is valid and this is what I got:

vCenter55:/ # openssl s_client -connect 192.168.33.128:7444 -status ### The command I ran the first time

CONNECTED(00000003)

OCSP response: no response sent

depth=1 /C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

verify error:num=19:self signed certificate in certificate chain ### Seems the appliance doesn't like the self-signed certificate

verify return:0

---

Certificate chain

0 s:/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za

   i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

1 s:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

   i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

---

Server certificate

-----BEGIN CERTIFICATE-----

MIID9jCCAt6gAwIBAgICAS.......FBQAwfjELMAkGA1UEBhMCWkEx

-----END CERTIFICATE-----

subject=/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za

issuer=/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

---

No client certificate CA names sent

---

SSL handshake has read 2309 bytes and written 441 bytes

---

New, TLSv1/SSLv3, Cipher is AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1

    Cipher    : AES256-SHA

    Session-ID: 540771BD58058D6BD2F7C0B673A0D5740FC964C9179DC83DDA9EDA0BCAEB06C7

    Session-ID-ctx:

    Master-Key: 8BDD035D2FCB5645DECF21B5BB26B6C46C6A964DBD8B5E54EA4CEF1893B75E2D2C2C904E1162B808BA7BBD5CFDDEE22E

    Key-Arg   : None

    Start Time: 1409774013

    Timeout   : 300 (sec)

    Verify return code: 19 (self signed certificate in certificate chain) ### The return code 19, as seen above, is an error

---

vCenter55:/ # openssl s_client -connect 192.168.33.128:7444 -CApath /etc/ssl/certs ### This time I ran it while specifying the folder where my root CA is kept

CONNECTED(00000003)

depth=1 /C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

verify return:1 ### No error this time.

depth=0 /C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za

verify return:1

---

Certificate chain

0 s:/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za

   i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

1 s:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

   i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

---

Server certificate

-----BEGIN CERTIFICATE-----

MIID9jCCAt6gAwIBAgI......wfjELMAkGA1UEBhMCWkEx

-----END CERTIFICATE-----

subject=/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za

issuer=/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA

---

No client certificate CA names sent

---

SSL handshake has read 2309 bytes and written 465 bytes

---

New, TLSv1/SSLv3, Cipher is AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1

    Cipher    : AES256-SHA

    Session-ID: 54077230E37AC53541373C907E213A8ED19EA02DF5EAFA47C28BF114DA3D68E1

    Session-ID-ctx:

    Master-Key: F8226AA2B758500D90B0137632F14752FB617E749577C7B4826CD541B1DE6D8BA8F4C3FA24CE59F734E8D5176D1F43AB

    Key-Arg   : None

    Start Time: 1409774128

    Timeout   : 300 (sec)

    Verify return code: 0 (ok) ### This time the cert is OK

Turning my attention to the 02-inventoryservice script...

Good design comes from intelligence.
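The difference between the two s_client runs above (return code 19, then 0 once the root CA directory is supplied) can be reproduced offline. This is an added example, not part of the original post: it builds a throwaway root and leaf with placeholder names, assumes the `openssl` CLI is on the PATH, and goes one step further than the post by showing that `-CApath` only finds a CA through its `<subject-hash>.0` link.

```sh
#!/bin/sh
# Added example: constructed throwaway CA and leaf; every name is a placeholder.

# make_chain DIR: write a self-signed root and a leaf signed by it into DIR.
make_chain() (
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/O=example/CN=Example Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=example/CN=vcenter.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || exit 1
  openssl x509 -req -in "$d/leaf.csr" -days 2 -CA "$d/root.pem" \
    -CAkey "$d/root.key" -CAcreateserial -out "$d/leaf.pem" 2>/dev/null
)

# verify_code DIR [openssl verify options]: print the first X509 error number,
# or the exit status (0) when the leaf verifies. The root is passed with
# -untrusted, like a server that includes its root in the chain it sends.
verify_code() (
  d=$1; shift
  out=$(openssl verify "$@" -untrusted "$d/root.pem" "$d/leaf.pem" 2>&1) \
    && rc=0 || rc=$?
  code=$(printf '%s\n' "$out" |
    sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  echo "${code:-$rc}"
)

# hash_link DIR: create the <subject-hash>.0 link that -CApath lookups use.
hash_link() (
  h=$(openssl x509 -in "$1/trust/root.pem" -noout -hash) || exit 1
  ln -sf root.pem "$1/trust/$h.0"
)

demo() (
  d=$(mktemp -d) || exit 1
  make_chain "$d" || exit 1
  mkdir "$d/trust" && cp "$d/root.pem" "$d/trust/root.pem"
  echo "root not in any trust store: $(verify_code "$d")"
  echo "CApath, no hash link:        $(verify_code "$d" -CApath "$d/trust")"
  hash_link "$d"
  echo "CApath, hash link present:   $(verify_code "$d" -CApath "$d/trust")"
  rm -rf "$d"
)

demo
```

A CA file copied into a `-CApath` directory without its hash link still produces error 19, so a missing rehash step looks identical to a missing root.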