Running into this problem during our new vCenter 5 infrastructure build out. Wondering if anyone else has run into this before.
We create internally signed certs and use these certs for the virtual center service and for the inventory service. I stop the vCenter service, replace the vCenter certs, reset the DB password and then start the vCenter service. Works fine and am able to log in to vCenter, but when I go to start the inventory service (certs for inventory service untouched) it fails. I have worked with this in our lab and there the certs could be replaced separately from one another. Any ideas are welcome.
Thanks
When you generated your own pfx, what was the password?
It has to be "testpassword".
openssl pkcs12 -export -in ./certs/rui.crt -inkey ./private/rui.key -name rui -passout pass:testpassword -out ./certs/rui.pfx
If not, the inventory service won't start.
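A pre-flight check for the keystore described in the reply above, as an added example that is not part of the original thread: it confirms that rui.pfx opens with the password "testpassword" and that its certificate matches the private key, before the inventory service is restarted. The function names and the throwaway demo certificate (CN vcenter.example.test) are constructed for illustration; the script assumes bash and the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): sanity checks on rui.pfx.

# Returns 0 if the PKCS#12 file opens (its MAC verifies) with the given password.
pfx_opens_with() {  # $1 = pfx path, $2 = password
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Returns 0 if the certificate in the pfx carries the same public key as the key file.
pfx_matches_key() {  # $1 = pfx path, $2 = password, $3 = private key (PEM)
    local cert_pub key_pub
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Builds a constructed, throwaway key and self-signed cert, then exports the pfx
# with the same command as in the thread. $1 = work dir, $2 = export password.
make_demo_pfx() {
    mkdir -p "$1/certs" "$1/private" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vcenter.example.test" \
        -keyout "$1/private/rui.key" -out "$1/certs/rui.crt" >/dev/null 2>&1 || return 1
    (cd "$1" && openssl pkcs12 -export -in ./certs/rui.crt -inkey ./private/rui.key \
        -name rui -passout "pass:$2" -out ./certs/rui.pfx) >/dev/null 2>&1
}

# Demo run on constructed sample data in a temporary directory.
demo_dir=$(mktemp -d)
if make_demo_pfx "$demo_dir" testpassword; then
    if pfx_opens_with "$demo_dir/certs/rui.pfx" testpassword; then
        echo "rui.pfx opens with the expected password"
    else
        echo "rui.pfx does NOT open with the expected password"
    fi
    if pfx_matches_key "$demo_dir/certs/rui.pfx" testpassword "$demo_dir/private/rui.key"; then
        echo "certificate and private key match"
    else
        echo "certificate and private key do NOT match"
    fi
fi
rm -rf "$demo_dir"
```

Because the export password is a fixed, publicly known string, the private key inside rui.pfx is effectively protected only by the file permissions on the keystore.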
Have you had a look at this post? Maybe this can assist?
http://longwhiteclouds.com/2012/02/07/the-trouble-with-ca-ssl-certificates-and-vcenter-5/
Maish
VMTN Moderator | vExpert
Author of VMware vSphere Design
Thanks for the link (looking it over now), I didn't come across it during my search for SSL replacement instructions.
When you generated your own pfx, what was the password?
It has to be "testpassword".
openssl pkcs12 -export -in ./certs/rui.crt -inkey ./private/rui.key -name rui -passout pass:testpassword -out ./certs/rui.pfx
If not, the inventory service won't start.
Thanks for the help.
I am assuming that setting a password of testpassword is not critical at the "Create Certificate-Signing Requests" step below?
Nope, this step does not require the password to be "testpassword". Only the keystore (pfx) needs it.
FYI, this is extremely odd, but we have seen SSL certs work correctly when leaving out the password in our v5 environment.