VMware Cloud Community
sunpowered
Contributor
Contributor
‎04-12-2013 12:47 PM

Certificate installation in vCenter Appliance 5.1 fails VC_CFG_RESULT=659

Hi I am trying to follow http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203500...

but I keep getting hung up on

# vpxd_servicecfg certificate change chain.pem rui.key
VC_CFG_RESULT=659

Yet this is sucessfull

# openssl verify rui.crt
rui.crt: OK

My CA is a two tier PKI setup both an offline root CA and an intermediate CA.

I have already tried following

http://communities.vmware.com/thread/418299?start=15&tstart=0
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2037400&sl...

Thanks!

0 Kudos
1 Reply
sunpowered
Contributor
Contributor
‎04-12-2013 02:56 PM

Ok. I figured it out with help from http://www.goitpartners.com/blog/?p=662

I changed hostnames of the system.  It has been a few years since using SLES but I thought that yast would update /etc/hosts?  This posts also mentioned that there is a syntax error in /etc/vmware-sso/register-hooks.d/10-vmware-vshpere-client line 191 so i fixed that too.

I still have a question.  In the KB 2036744 step 9 shows to cat your server cert and chain cert.  Step 10 then shows to copy the resulting output to /etc/ssl/certs.

  • Create the root cert chain required for VPXD/SSO by running the command:

    cat rui.crt rui-ca-cert.pem > chain.pem

  • Add the CA chain to the default location by running the command:

    cp chain.pem /etc/ssl/certs/rootca.pem

    • dont you just want to put your root ca and/or intermediate in /etc/ssl/certs?

    0 Kudos