0 Replies Latest reply on Aug 8, 2014 8:08 AM by Fluxblocker

    Configuring CA-signed SSL certificates

    Fluxblocker Novice

      We have a single domain with Windows 2008 R2 domain functional level.  There is one Enterprise CA on one of the domain controllers.

      We have a physical vCenter Server on a Windows 2008 x64 box.  We are on the latest version of vSphere 5.5 and VSA (or close to the latest version).

      I was using the instructions in the article:

      VMware KB:     Implementing CA signed SSL certificates with vSphere 5.x  

      to configure certificates signed by a CA in our active directory domain.

      I successfully performed all the steps for vCenter Server and it seems to have worked fine because I no longer get the certificate error when I log on to vSphere Web Client.

      But when I got to the part where I was configuring certificates for the 3 ESXi hosts (we have a 3-host implementation of VSA), I ran into a bit of a hiccup.

      I was using the instructions in this article - VMware KB:     Configuring CA signed certificates for ESXi 5.x hosts  

      After I performed the steps, the VSA-0 virtual appliance (after bringing the host and the vsa-0 appliance back out of maintenance mode) had a red X by it, and there were some error messages (I should have written the error messages down or made screen shots, but it was something to the effect that there was a problem with HA and that the host was no longer protected.  When I right-clicked on the host in vSphere client and selected Reconfigure for vSphere HA, it gave me this error: Reconfigure vSphere HA host esxi.domain.com Operation timed out.  The VSA Storage Data Synchronization ran but the red X next to vsa-0 would not go away.

      I finally went back and put the original SSL certificates back into the /etc/VMware/ssl directory on the host, brought everything back out of maintenance mode, and everything is back to normal and working again.  But I would be most grateful to know what I can do to make the operation a success if I try it again, (or if I should leave well-enough alone).  I will welcome any advice and be thankful for your effort.  I noticed a link to the article below, but it said for versions before 5.0 U1, not for 5.5, and I did not want to try all these steps without being certain.

      VMware KB: After upgrading to vSphere 5, you see the HA error: vSphere HA Cannot be configured on this host because …

      As you can see, the above article does not seem to be a match for this issue, even though the previous article linked me to it.  The article that links to this one says "If you are not running vCenter Server 5.0 U1 or later...", and we are running a later version, so I did not want to go through all of that.  If that article is indeed correct even for versions later than 5.0 U1, and if that is what I need to do, then I guess I am just looking for some confirmation.

      Thanks very much.  I hope that was not too much information!

      Sam