VMware Cloud Community
Wasisnt
Contributor
Contributor
‎09-05-2012 01:31 PM
Jump to solution

Operations Manager certificate expired message during setup

We are trying out vCenter Operations Manager and after I got it installed I went to do the initial setup and got this certificate error.

"Certificate expired on 4/25/09 5:51 AM. Cannot proceed with the requested action."

I don't know what certificate its referring to or how to fix it. Any ideas?

Preview file
60 KB
0 Kudos
1 Solution

Accepted Solutions
IamTHEvilONE
Immortal
Immortal
‎09-05-2012 02:19 PM
Jump to solution

Check the Certificate of the vCenter Server with IP Address 10.100.10.27.

Depending on when the vcenter was originally installed, it may have a certificate that only had a 2 year expiration.

You should be able to use OpenSSL to check the expiry dates of the Certificate.  If you need to generate new certificates, then check this KB out:

http://kb.vmware.com/kb/1009092

Best Regards,

Jon Hemming

View solution in original post

0 Kudos
5 Replies
IamTHEvilONE
Immortal
Immortal
‎09-05-2012 02:19 PM
Jump to solution

Check the Certificate of the vCenter Server with IP Address 10.100.10.27.

Depending on when the vcenter was originally installed, it may have a certificate that only had a 2 year expiration.

You should be able to use OpenSSL to check the expiry dates of the Certificate.  If you need to generate new certificates, then check this KB out:

http://kb.vmware.com/kb/1009092

Best Regards,

Jon Hemming

0 Kudos
Wasisnt
Contributor
Contributor
‎09-05-2012 02:44 PM
Jump to solution

How would I check to see if its expired? It says OpenSSL comes with ESX but not ESXi which is what we are using. I cant seem to find anywhere how to even check if the certificate is expired. I was told our original version of vCenter was either 2.5 or 3 and we are at 4.1 now.

And what exactly are these certificates used for? I noticed in the vCenter settings that you can use SSL to verify connections to the hosts etc but we aren't using that option.

0 Kudos
Wasisnt
Contributor
Contributor
‎09-05-2012 03:00 PM
Jump to solution

I just noticed our rui.key file has a date of 4/25/2007 which is 2 years exactly prior to what the error says.

0 Kudos
Wasisnt
Contributor
Contributor
‎09-05-2012 04:21 PM
Jump to solution

I got the OpenSSL for Windows and am trying to regenerate the key but get an error after I run the command


openssl.exe req -new -x509 -days 3650 -sha1 -nodes -key rui.key -out rui.crt -subj "fqdn_of_VC"


I put the FQDN of the vCenter server in there and tried it with and without quotes.


Here is what I get after running it:


Loading 'screen' into random state - done
Subject does not start with '/'.
problems making Certificate Request



I had to run another command first to get past a different error message that said WARNING: can't open config file: /usr/local/ssl/openssl.cnf


This is the command that fixed that warning error
set OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg
0 Kudos
Wasisnt
Contributor
Contributor
‎09-05-2012 05:38 PM
Jump to solution

We have an ESX server at a remote site so I did it using that and followed these instructions.

http://blog.eeg3.net/2012/07/23/vcenter-operations-expiredcertificateexception/

0 Kudos