Solved: Just upgraded vcenter from 5.0 to 6.0u2. How do y...

cypherx · ‎06-10-2016

We were a vSphere 5.0 shop for many years and enjoyed the C# client from 4.0, 4.1 and then 5.0 days. We just upgraded to 6.0 update 2 this week and while we still are primarally used to the C# client and will use it for some time to come, I am trying to get used to the web client for the new features that are only accessible in it, like SRM and VR.

I was able to click through the numours nag screens to get in via Firefox after all those certificate warnings, and even easier simply click the one or two things in Chrome or IE to get in. However how would I eliminate the certificate errors altogether? Example, right now I'm in with Chrome but the https:// in the address bar is red with a slash through it.

In most every other web based appliance or connection we have, like HP iLO, Dell iDrac etc... we usually create a CSR on that device and submit it to our internal Windows CA and get a file back to return to the appliance. Is there a way to do that with the web client? We have a "Web Server 2" certificate template that generates the sha256 certificate back, and inherently all domain devices trust it because the domain imports our Root CA.

Also we run services like vSphere replication and SRM, I wouldn't want any certificate changes affect that or even vSphere Update Manager. We have two sites HQ and DR.

cypherx · ‎06-13-2016

I ended up getting rid of the cert errors by following this page: vSphere 6 SSL certificate Replacement / Implementation using the Certificate-Manager automation tool

I followed the procedures for "Replace Machine (Reverse HTTP Proxy) Certificate with Custom Certificate" and just that. I didin't mess with VMCA Root certificate with custom signing certificate because its seemed to me like it wanted to make a never ending number of certificate signing requests and keys. But the first option taken to our Windows Internal CA took care of it.

For vSphere replication 6.1.1 I had to power off the vSphere replication virtual appliances through vSphere web client, and then power them back on. Then sign into their web management URL's (port 5490) and do the reconnect to the vsphere in the connection tab, where it prompted to accept the new certificate.

For VUM I had to run the VMwareUpdateManagerUtility.exe under C:\Program Files (x86)\VMware\Infrastructure\Update Manager and do the third option to re-register to vCenter, then restart the service.

Surprisingly SRM sites stayed paired although I've read some people have difficulty with that. I'm on 6.0 update 2 and I think one of the issues was fixed in 6.0 Update 1b.

View solution in original post

cypherx · ‎06-13-2016

I ended up getting rid of the cert errors by following this page: vSphere 6 SSL certificate Replacement / Implementation using the Certificate-Manager automation tool

I followed the procedures for "Replace Machine (Reverse HTTP Proxy) Certificate with Custom Certificate" and just that. I didin't mess with VMCA Root certificate with custom signing certificate because its seemed to me like it wanted to make a never ending number of certificate signing requests and keys. But the first option taken to our Windows Internal CA took care of it.

For vSphere replication 6.1.1 I had to power off the vSphere replication virtual appliances through vSphere web client, and then power them back on. Then sign into their web management URL's (port 5490) and do the reconnect to the vsphere in the connection tab, where it prompted to accept the new certificate.

For VUM I had to run the VMwareUpdateManagerUtility.exe under C:\Program Files (x86)\VMware\Infrastructure\Update Manager and do the third option to re-register to vCenter, then restart the service.

Surprisingly SRM sites stayed paired although I've read some people have difficulty with that. I'm on 6.0 update 2 and I think one of the issues was fixed in 6.0 Update 1b.

All

Just upgraded vcenter from 5.0 to 6.0u2. How do you eliminate the certificate error in web client?