obsidianindy's Posts

Hey @BrianCunnie, I followed your instructions from your blog post, even purchasing the exact certificate you purchased, and attempted this with vCenter 8. First, I created via:

```bash
CN=vcenter-80.nono.io # "CN" is the abbreviation for "Common Name"
openssl genrsa -out $CN.key 3072
openssl req \
  -new \
  -key $CN.key \
  -out $CN.csr \
  -sha256 \
  -subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=homelab/CN=${CN}/emailAddress=brian.cunnie@gmail.com" \
  -config <(cat <<EOF
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${CN}
EOF
)
```

(obviously, I changed the values). I then requested a certificate from SSLs.com, and we purchased their least-expensive offering, the PositiveSSL 1 domain Comodo SSL (using the same disclaimer): [We do not endorse either SSLs.com or Sectigo (formerly Comodo); we encourage you to use the reseller and the Certificate Authority (CA) with which you are most comfortable].

They then provided me with the two files: vcenter.domain.co.crt and vcenter_domain_co.ca-bundle

Then we followed the instructions from your blog post:

1. On your vCenter, navigate to Menu → Administration → Certificates → Certificate Management
2. On the __MACHINE_CERT tile, click Actions, select Import and Replace Certificate.
3. Select Replace with external CA certificate (requires private key).
4. Machine SSL Certificate: click Browse File and select vcenter.domain.crt
5. Chain of trusted root certificates: click Browse File and select vcenter_domain_co.ca-bundle
6. Private Key: click Browse File and select vcenter_domain_co.ca-bundle
7. Click Replace.

After doing this, vCenter reports: "Error occurred while fetching tls: Invalid input, not a valid PEM formatted Primary Key"

I've been beating my head all day with this. vCenter logs aren't much of a help. Did you have to do anything else, or am I just missing a step?
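A pre-upload check for the three files the import dialog in the steps above asks for, as an added example that is not part of the original post or of the blog it follows: it classifies each file by its PEM header and uses `openssl` to confirm that the private key belongs to the certificate. The function names, the sample file names and `vcenter.example.test` are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-upload check for the three
# files the "Import and Replace Certificate" dialog asks for.

# Print the kind of the first PEM block in a file.
pem_kind() {
  case "$(grep -m1 -- '^-----BEGIN ' "$1" 2>/dev/null | tr -d '\r')" in
    *'PRIVATE KEY-----')         echo private-key ;;
    *'CERTIFICATE REQUEST-----') echo csr ;;
    *'CERTIFICATE-----')         echo certificate ;;
    *)                           echo unknown ;;
  esac
}

# expect_kind FIELD FILE KIND: report a file that is the wrong kind for its field.
expect_kind() {
  local got; got=$(pem_kind "$2")
  [ "$got" = "$3" ] && return 0
  echo "$1: $2 is '$got', expected '$3'" >&2
  return 1
}

# check_upload CERT CHAIN KEY: succeed only if every file suits its field and
# the private key belongs to the certificate.
check_upload() {
  local rc=0 cert_pub key_pub
  expect_kind "Machine SSL Certificate" "$1" certificate || rc=1
  expect_kind "Chain of trusted root certificates" "$2" certificate || rc=1
  expect_kind "Private Key" "$3" private-key || rc=1
  [ "$rc" -eq 0 ] || return 1
  # Same public key on both sides means the key matches the certificate.
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$3" -pubout -passin pass: 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ] || { echo "Private Key: does not match $1" >&2; return 1; }
}

# make_sample DIR: constructed throwaway files (self-signed, not a real CA chain).
make_sample() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/min.cnf"
  openssl genrsa -out "$1/host.key" 2048 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
  openssl req -new -x509 -config "$1/min.cnf" -key "$1/host.key" \
    -subj "/CN=vcenter.example.test" -days 1 -out "$1/host.crt" 2>/dev/null
  cp "$1/host.crt" "$1/chain.ca-bundle"   # stand-in for the CA bundle
}

# Usage: ./check.sh CERT CHAIN KEY
if [ "$#" -eq 3 ]; then check_upload "$@"; fi
```

In the workflow quoted in the post, the private key is the `$CN.key` file written by `openssl genrsa`; the CA returned only the certificate and the CA bundle.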