VMware Cloud Community
Tom2k
Enthusiast

Unable to create SSL key store. Identity Appliance

Hello,

When I try to import a certificate to the Identity Appliance, I get the error message "Unable to create SSL key store."

Does anyone have a solution?

Could anyone ever successfully replace all certificates from the vcac 6.0?

Thanks

VCDX24
Contributor

Hi Tom, did you ever get this working? I have the same issue.

I have followed a couple of blog posts and both produce the same error 'Unable to create SSL key store.'

http://fojta.wordpress.com/2013/12/12/vcac-6-how-to-generate-signed-certificates/

http://grantorchard.com/vcac/implementation/replacing-vcac-6-0-appliance-certificates/

This one has me stumped but I will keep trying and get you an answer as I need to fix.

Tom2k
Enthusiast

Hi VCD, thanks for your links!

Last night I was able to solve the problem. In our case it was a problem with the certificate chain (private key was good). My security guy converted this one into the PEM format and now it works!

Now we are trying to replace all certs, but we had a lot of trouble doing this in our existing environment (the IaaS server didn't start the vcac services). So I have to reinstall all machines with the new certs.

After the new deployment of all appliances, my procedure was as follows:

  1. configure identity appliance and replace SSL
  2. configure vcac appliance and replace SSL
    1. connect vcac to the identity
  3. install IaaS server as complete solution
    1. change the SSL key in the IIS (incl. binding)
    2. update keys IaaS: Update the vCloud Automation Center Appliance with the IaaS Certificate
  4. it works!

I tried to install the IaaS server with the custom variation, but this didn't work because the repository access was denied!

But it is possible that this was a local problem with our AD domain (we use subdomains and we sometimes have problems with it).

So I hope you can solve your problem, too.

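An added example, not part of the original thread: a small preflight check for the chain-format problem described above, reporting whether a certificate file is PEM, raw DER or a PKCS#7 bundle before it is pasted into the appliance. The function name and sample bytes are constructed for illustration, and the thread does not say which format the chain was in before conversion.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 #]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 #]+)-----",
    re.DOTALL,
)

def inspect_chain(data: bytes) -> dict:
    """Classify a certificate file and list what would block a PEM import."""
    # Raw DER starts with an ASN.1 SEQUENCE tag (0x30) and has no PEM armor.
    if data[:1] == b"\x30" and b"-----BEGIN" not in data:
        return {"format": "DER", "certs": 0,
                "problems": ["binary DER, convert to PEM first"]}
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return {"format": "unknown", "certs": 0,
                "problems": ["no PEM blocks found"]}
    certs, problems = 0, []
    for begin, body, end in blocks:
        label = begin.decode()
        if begin != end:
            problems.append(f"BEGIN {label} closed by END {end.decode()}")
        elif label in ("PKCS7", "PKCS #7 SIGNED DATA"):
            problems.append("PKCS#7 bundle, extract the certificates to PEM")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected block type: {label}")
        else:
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:
                problems.append("certificate body is not valid base64")
                continue
            if der[:1] != b"\x30":
                problems.append("certificate payload is not a DER SEQUENCE")
            else:
                certs += 1
    return {"format": "PEM", "certs": certs, "problems": problems}

# Constructed sample data: a stand-in DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
ARMORED = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
           + b"\n-----END CERTIFICATE-----\n")
SAMPLE_PEM_CHAIN = ARMORED + ARMORED  # server cert followed by issuing CA

if __name__ == "__main__":
    print(inspect_chain(SAMPLE_PEM_CHAIN))  # well-formed two-block chain
    print(inspect_chain(SAMPLE_DER))        # same bytes without PEM armor
```

The check only looks at encoding and block structure; it does not verify signatures or that the chain order matches the issuer hierarchy.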
VCDX24
Contributor

Hi Tom

Still have issues today. Could you send me the steps you used for creating your certificates and the steps you used to convert to the correct format please.
Thanks

Kev.

Aronov
VMware Employee

Hello,

In VCAC 6.0 there are certificates for

1. The identity Appliance

2. The VCAC Appliance

3. The IaaS components.

Updating these certificates requires updating the appliances that use them. It is all described in the post-installation tasks in the documentation

http://pubs.vmware.com/vCAC-60/index.jsp#com.vmware.vcac.install.doc/GUID-F493819D-D4FB-4854-BEC4-29...

Things become a bit tricky when you are installing a distributed environment since all the legs behind the LB need to share the same certificate (so you will get into trouble if you select generate self-signed certificates when installing all the Legs).

Kev, can you please share more details on your environment and what certificates you are attempting to use?
