Has anyone tried this already? The instructions say to point SSO to the PSC on port 443. The lab environment doesn't seem to like it -- my PSC is external to my vCenter. Everything is on the same VLAN and no firewalls exist between the BDE management server and the vCenter 6.0 appliance.
[root@88 ~]# /opt/serengeti/sbin/EnableSSOAuth https://psc1.atom.ut1.cpt.adobe.net:443/lookupservice/sdk
Intializing registration provider...
Getting SSL certificates for https://psc1.atom.ut1.cpt.adobe.net:443/lookupservice/sdk
com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
Return code is: SslHandshakeFailed
Please check if sso lookup serivce https url is correct, and sso services work normally.
[root@88 ~]# host psc1.atom.ut1.cpt.adobe.net
psc1.atom.ut1.cpt.adobe.net has address 10.30.20.86
[root@88 ~]# ping -c 3 psc1.atom.ut1.cpt.adobe.net
PING psc1.atom.ut1.cpt.adobe.net (10.30.20.86) 56(84) bytes of data.
64 bytes from psc1.atom.ut1.cpt.adobe.net (10.30.20.86): icmp_seq=1 ttl=64 time=0.358 ms
64 bytes from psc1.atom.ut1.cpt.adobe.net (10.30.20.86): icmp_seq=2 ttl=64 time=0.249 ms
64 bytes from psc1.atom.ut1.cpt.adobe.net (10.30.20.86): icmp_seq=3 ttl=64 time=0.383 ms
--- psc1.atom.ut1.cpt.adobe.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.249/0.330/0.383/0.058 ms
Here is a similiar issue which might help : VMware KB: vSphere Web Client displays the error: Failed to verify the SSL certificate for one or mo...
Hi Cmutchle,
Check the serengeti.propertes under /opt/serengeti/conf if the below two lines are added:
sts=https://{sso_server_host}:443/sts/STSService/{sso_domain}
sts_crts_dir = /opt/serengeti/ssotool/ssoData
The two lines are added automatically after you execute EnableSSOAuth script and it will also generate installation.log under /opt/serengeti/ssotool, provide me the log file.
Here is a similiar issue which might help : VMware KB: vSphere Web Client displays the error: Failed to verify the SSL certificate for one or mo...
Jesse,
Thanks. I found that this morning and found the issue was within the external PSC that I had deployed. For some (unknown) reason there were duplicate entries for every vCenter service. I rebuilt the PSC and vCenter appliances and that sorted things out right away.
Thanks.
--
Chris.