VMware Cloud Community
Andrew_Keller_C
Enthusiast
Enthusiast

SSL Certificate Upgrade Gone Wrong

A bit ago I upgraded to vCenter 5.1 with two servers. The SSO and web client on one server and the vcenter service and the inventory service on the other. Had everything running great, no errors.

Decided to update the certificates to CA signed ones.

Started with the manual SSL update process (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203483...) and completed step 1. without issue.

Moved to step two, and got to step 19 (within step 2). The first bullet succeeded, but the second two failed. Now, in View Administrator, both Composer and vcenter show up red. Also, can no longer log into vCenter through the SSO webpage - receive the error "failed to connect to VMware Lookup Service https://SERVER:7444/lookupserver/sdk - SSL certificate verification failed". Can still log in to vCenter directly through the client.

Didn't find much support on what to do from then on, so I decided to try the automated SSL tool instead.

Started with (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=204160...) and made it to the "generated" step 1, which is to update the Single Sign-On SSL certificate.

Got to the part where it asks for the SSO master password. It won't accept anything I put in. This is the Admin@system-domain password, correct? My password has an & in it, which I think may be messing it up. I can't change my password since I can't log in through the web client.

So now, I am kinda stuck and not sure what to do. Advice?

Reply
0 Kudos
3 Replies
Andrew_Keller_C
Enthusiast
Enthusiast

Nothing? How about just the last question then. When it asks for the SSO master password, is looking for the password associated with the admin@system-domain account, or something else entirely?

Reply
0 Kudos
Andrew_Keller_C
Enthusiast
Enthusiast

I've been able to reset the admin password using "rsautil reset-admin-password --master-pwd masterpass --admin-name admin --admin-pwd your-new-password", so I know my SSO master password. I believe that in the SSL Automation tool, it doesn't like me having an & in my password, and is throwing the error that the password is incorrect.

Anyone know a way around this?

Reply
0 Kudos
smpfhlb
Contributor
Contributor

I am having the same issue and have confirmed that I am using the correct Master Password. Looks like a support call is in order.

Reply
0 Kudos