We are trying out vCenter Operations Manager and after I got it installed I went to do the initial setup and got this certificate error.
"Certificate expired on 4/25/09 5:51 AM. Cannot proceed with the requested action."
I don't know what certificate its referring to or how to fix it. Any ideas?
Check the Certificate of the vCenter Server with IP Address 10.100.10.27.
Depending on when the vcenter was originally installed, it may have a certificate that only had a 2 year expiration.
You should be able to use OpenSSL to check the expiry dates of the Certificate. If you need to generate new certificates, then check this KB out:
http://kb.vmware.com/kb/1009092
Best Regards,
Jon Hemming
Check the Certificate of the vCenter Server with IP Address 10.100.10.27.
Depending on when the vcenter was originally installed, it may have a certificate that only had a 2 year expiration.
You should be able to use OpenSSL to check the expiry dates of the Certificate. If you need to generate new certificates, then check this KB out:
http://kb.vmware.com/kb/1009092
Best Regards,
Jon Hemming
How would I check to see if its expired? It says OpenSSL comes with ESX but not ESXi which is what we are using. I cant seem to find anywhere how to even check if the certificate is expired. I was told our original version of vCenter was either 2.5 or 3 and we are at 4.1 now.
And what exactly are these certificates used for? I noticed in the vCenter settings that you can use SSL to verify connections to the hosts etc but we aren't using that option.
I just noticed our rui.key file has a date of 4/25/2007 which is 2 years exactly prior to what the error says.
I got the OpenSSL for Windows and am trying to regenerate the key but get an error after I run the command
openssl.exe req -new -x509 -days 3650 -sha1 -nodes -key rui.key -out rui.crt -subj "fqdn_of_VC"
I put the FQDN of the vCenter server in there and tried it with and without quotes.
Here is what I get after running it:
Loading 'screen' into random state - done
Subject does not start with '/'.
problems making Certificate Request
I had to run another command first to get past a different error message that said WARNING: can't open config file: /usr/local/ssl/openssl.cnf
This is the command that fixed that warning error
set OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg
We have an ESX server at a remote site so I did it using that and followed these instructions.
http://blog.eeg3.net/2012/07/23/vcenter-operations-expiredcertificateexception/