Anyone know why a 6.7 vCenter appliance would fail to accept new solution user certificates in both the UI and the CLI (Certificate-Manager)?
Specifics:
- 6.7U3C vCenter appliance in Enhanced-Linked mode
- Machine SSL certificate replaced without issue
- The VPXD, VPXD-extension, machine, and vsphere-webclient certificates will not replace
- There are no wildcards in the certificates [SANs or CNs, etc.]
- All of the vCenters in the environment have the same certificate templates and are the same, but they were upgraded to 6.7. This one is new.
The certificates were generated using OpenSSL.
The template uses 4096, what should be the proper enhanced attributes, and includes the corresponding type in the CN [e.g. machine-FQDN, VPXD-FQDN, etc.].
This is really odd.
GB
Could you check /var/log/vmware/vmcad/certificate-manager.log and search for any errors?
Have you used different certs for the solution users, or are you using the same one that you used for MACHINE_SSL?
Please share the certificate-manager.log here and we can let you know what's going wrong there.
Thanks,
MS
Checked the logs... the errors don't tell you anything useful:
ERROR certificate-manager <date> <Time> Updating certificate for "com.vmware.vim.eam" extension
ERROR certificate-manager <date> <Time> Updating certificate for "com.vmware.rbd" extension
ERROR certificate-manager <date> <Time> Updating certificate for "com.vmware.imagebuilder" extension
Then there is:
ERROR certificate-manager {
"translatable" : "An error occurred while invoking external command : '%(0)s'"
"localized" : "An error occurred while invoking external command: 'None'"
"Error while starting services, please see service-control log for more details"
I'm not certain where the service-control.log is, as it's not showing up in any of the KBs for vCenter logs (6.x). Humph.
service-control.log is located as below:
root@**** [ ~ ]# find . / | grep service-control.log
/storage/log/vmware/cloudvm/service-control.log
root@**** [ ~ ]#