Hi, we are running a vCenter 5.1 U1c environment, along with SSO 5.5. SSO is installed on a different Server to vCenter/WebServices.
I have created all the necessary certificates, however when using Automation Tool 1.0.1 to update the SSO Certificates I get the error:
The service is not installed on that machine.
I have checked the SSO Services and the following services have all started:
* VMware Certificate Services
* VMware Directory Services
* VMware Identity Management Services
* VMware KDC Services
* VMware Secure Token Services
Any thoughts?
How to replace default certificate for SSO 5.5? The steps are below.
Perform these steps on machines where Single Sign-On is installed:
* vmdircert.pem and vmdirkey.pem files (located at C:\ProgramData\VMware\CIS\cfg\vmdird).
* vmdircert.pem file and save it as vmdircert.crt.
* vmdircert.crt file to open it and click the Details tab. Scroll down to Subject Alternative Name and record the IPv4 and DNS name.
* C:\temp:
  mkdir C:\temp
  cd C:\temp
* "C:\Program Files\VMware\Infrastructure\VMware\CIS\vmcad\certool.exe" --genkey --priv=priv.key --pub=pub.key
* "C:\Program Files\VMware\Infrastructure\VMware\CIS\vmcad\certool.exe" --genCIScert --priv=priv.key --Name=VMWareDirectoryService --FQDN=FQDN_DNS_NAME --IP=IP_address --cert=cert.crt --port=11711
* copy priv.key C:\ProgramData\VMware\CIS\cfg\vmdird\vmdirkey.pem
  Yes.
* copy cert.crt C:\ProgramData\VMware\CIS\cfg\vmdird\vmdircert.pem
  Yes.
* Start > Run, type services.msc, then press Enter.
* VMware Directory Service and click Restart.
Please see the below kb article for more info.
VMware KB: Resolving OpenSSL Heartbleed for VMware vCenter Server 5.5
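A check that can be run after cert.crt is generated and before it is copied over vmdircert.pem, as an added example that is not part of the original post: it compares the Subject Alternative Name entries of the existing certificate with those of the new one. It assumes Windows PowerShell on the SSO machine and the paths used in the steps above; the function name Get-SanEntries is hypothetical.

```powershell
# Added example: compare SAN entries of the current vmdir certificate and the
# newly generated one before overwriting. Paths are those used in the steps above.
$oldPath = 'C:\ProgramData\VMware\CIS\cfg\vmdird\vmdircert.pem'
$newPath = 'C:\temp\cert.crt'

function Get-SanEntries {   # hypothetical helper name
    param([string]$Path)
    if (-not (Test-Path $Path)) { throw "Certificate file not found: $Path" }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    # 2.5.29.17 is the OID of the Subject Alternative Name extension
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Format($true) yields one entry per line, e.g. "DNS Name=..." / "IP Address=..."
    # (the labels are localized by Windows, so compare old and new on the same machine)
    $ext.Format($true) -split "`r?`n" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Sort-Object
}

# @() forces an array even when a certificate has no SAN extension
$old = @(Get-SanEntries -Path $oldPath)
$new = @(Get-SanEntries -Path $newPath)

"Current SAN entries: " + ($old -join '; ')
"New SAN entries:     " + ($new -join '; ')

if ($old.Count -eq 0 -or $new.Count -eq 0) {
    Write-Warning 'One of the certificates has no Subject Alternative Name; nothing to compare.'
} elseif (Compare-Object -ReferenceObject $old -DifferenceObject $new) {
    Write-Warning 'SAN entries differ; check the --FQDN and --IP values passed to certool.exe.'
} else {
    'SAN entries match; the new certificate covers the same names as the old one.'
}
```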
When applying certs for SSO, are you running the SSL Automation tool on the vCenter machine or the SSO machine?
If SSO is installed on a separate machine then SSL Certificate Automation Tool must be deployed on the machine running the services.
Reference KB - http://kb.vmware.com/kb/2057340
Hi
Welcome to communities.
Here are the details:
http://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf
Thanks. I managed to resolve it. We were running vCenter 5.1 but also running SSO 5.5 on a separate workstation. So I ran the correct Automation Tools with the corresponding versions and this worked.