I am trying to generate a CSR for an intermediate certificate server in a new installation of VCSA. After starting certificate-manager and selecting option 2, regardless of the values I enter in the configuration prompt and regardless of whether I edit /usr/lib/vmware-vmca/share/config/certool.cfg, the resulting CA CSR does not utilize the values required. Does anyone know what I am missing?
Looks like "Using the Certificate Manager Utility in vSphere 6.0 does not utilize the Certool.cfg for CSR genera..." describes the issue; however, it suggests the problem was fixed. Regardless, the alternate syntax worked.
I encounter a different issue. Any help to fix this?
I have the exact same problem trying to generate the CSR in the latest 6.5 U1e version. I have a case open with VMware, but in the meantime I will try this workaround in the morning. Thanks!
Update: It appears to be an issue with the script creating the pubkey file. I don't see the pubkey file when it runs through these commands at the end of exporting the CSR file. I do see the vmca_issued_key.key and vmca_issued_csr.csr, but the CSR has default values, like in your issue.
End of the certificate-manager log file:
2018-01-27T15:53:18.812Z INFO certificate-manager Running command: ['/usr/lib/vmware-vmca/bin/certool', '--genkey', '--privkey', '/tmp/vmca_issued_key.key', '--pubkey', '/tmp/pubkey.pub']
2018-01-27T15:53:18.952Z INFO certificate-manager Running command: ['/usr/lib/vmware-vmca/bin/certool', '--gencsr', '--privkey', '/tmp/vmca_issued_key.key', '--pubkey', '/tmp/pubkey.pub', '--config', '/var/tmp/vmware/certool.cfg', '--csrfile', '/tmp/vmca_issued_csr.csr']
2018-01-27T15:53:19.17Z INFO certificate-manager CSR generated at: /tmp/vmca_issued_csr.csr
If I run these commands manually the CSR contains the correct info:
/usr/lib/vmware-vmca/bin/certool --genkey --privkey=/tmp/vmca_issued_key.key --pubkey=/tmp/pubkey.pub
/usr/lib/vmware-vmca/bin/certool --gencsr --privkey=/tmp/vmca_issued_key.key --pubkey=/tmp/pubkey.pub --config=/var/tmp/vmware/certool.cfg --csrfile=/tmp/vmca_issued_csr.csr
Just make sure you update the certool.cfg file first.
I guess I will take the manual route for now.
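A check that can be run before sending the CSR to the issuing CA, added here as an example and not part of the thread or of VMware's tooling: it reads the CSR subject with openssl and compares it with the values in certool.cfg. The mapping of certool.cfg keys to subject attributes and the function names are assumptions.

```shell
# Compare a CSR's subject with a certool.cfg-style file before submitting it.
# Assumed mapping of certool.cfg keys to subject attributes (not from the thread).
FIELDS="Country:countryName Name:commonName Organization:organizationName
OrgUnit:organizationalUnitName State:stateOrProvinceName Locality:localityName"

# cfg_value FILE KEY: print the trimmed value of a "KEY = value" line.
cfg_value() {
  awk -v k="$2" '
    { key = $0; sub(/=.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == k && index($0, "=") {
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v; exit
    }' "$1"
}

# csr_value CSR ATTR: print the first value of a subject attribute (long name).
csr_value() {
  openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
  awk -v a="$2" '
    { name = $0; sub(/=.*/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", name) }
    name == a {
      v = substr($0, index($0, "=") + 1)
      sub(/^[ \t]+/, "", v); print v; exit
    }'
}

# check_csr CFG CSR: succeed only if every field set in CFG matches the CSR.
# The body runs in a subshell so its variables stay local.
check_csr() (
  rc=0
  for pair in $FIELDS; do
    key=${pair%%:*}; attr=${pair#*:}
    want=$(cfg_value "$1" "$key")
    [ -n "$want" ] || continue        # field not set in the config: skip it
    got=$(csr_value "$2" "$attr")     # empty if the CSR is unreadable
    if [ "$want" != "$got" ]; then
      echo "MISMATCH $key: config='$want' csr='$got'" >&2
      rc=1
    fi
  done
  [ "$rc" -eq 0 ]
)

# Usage: sh check_csr.sh /var/tmp/vmware/certool.cfg /tmp/vmca_issued_csr.csr
if [ "$#" -eq 2 ]; then
  check_csr "$1" "$2" && echo "CSR subject matches $1"
fi
```

A non-zero exit status with MISMATCH lines on stderr means the CSR was generated with values other than those in the config file and should not be submitted.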