SteffenNetgroup
Contributor
Contributor

Problems replacing expired ssl cert. with new wildcard cert.

Hello,

Scenario:

We have a virtual center server 2.5.0 build 147633 running on a windows 2003 r2 32bit with a sql2005 server attached.

Situation:

Our

current ssl certificate (john.doe.com, not self signed) has expired and

needs to be replaced with a new wildcard certificate. ('.doe.com, not

self signed)

We have the necesary .crt and .key files and have generated the .pfx using openssl.

The

problem arise when we replace the old certificates with the new ones,

we can't start the virtual center service, and get the oh so informing

error 1067

(exact text: could not start the vmware virtualcenter

server service on local computer. Error 1067: the process terminated

unexpectedly.)

In the event log the only thing logged is eventID 7031: the vmware virtualcenter server service terminated unexpectedly.

This happens even after we enter a new db password (or the old one) with vpxd -p.

When

we change back to the expired certificate and put in the original

password with vpxd -p it works again, only the certificate is obviously

expired.

We do not use ssl between VC and the hosts.

Can anyone give us a hint as where to look to resolve this? we have read multiple articles including:

http://www.vmware.com/pdf/vi_vcserver_certificates.pdf

http://communities.vmware.com/thread/133382

http://communities.vmware.com/thread/198459

Without comming any closer to an answer...

Any constructive input is much appreciated Smiley Happy

0 Kudos
1 Reply
SteffenNetgroup
Contributor
Contributor

Found the cause, our wildcard cert was created using 2048bit, and according to this: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100987... that isnt supported in virtual center... Smiley Sad

0 Kudos