This is known issue. Since you have replaced SSL certificates at vSphere level, you have to restart VAMI service to reflect changes on VCSA itself. Log in to the vCenter Server Appliance through SSH and then execute /etc/init.d/vami-lighttp restart
login to VCSA management interface with fresh browser session and check if it works.
Thanks for the tip. Restarting the vami-lighttp service did allow the new VMCA issued certificate to become active. But the new certificate fails IE/Chrome test (on :5480). The "same" certificate tests fine via https:// or https://fqdn/psc I say same certificate because both web portals show the same thumbprint for the certificate. Pretty interesting situation......
Yes, the certificate is a accepted Windows CA "chained" certificate. By that I mean when the IE or Chrome browser accesses http://fqdn or https://fqdn/psc, there is no reported issues. Examining the certificate from the browser shows a "valid" certificate, and the certificate path extends up to my domain CA root certificate.
When I access the https://fqdn:5480 portal, IE/Chrome refuses, Firefox allows an exception. IE reports:
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
The certificate thumprint matches, so this is the same certificate used on all 3 web portals....
I had the same issue and this fixed it for me. I am running 6.5.
vCenter Server Appliance 6.5:
- Log in to the vCenter Server Appliance through SSH.
- Type shell and press Enter.
- Copy CA cert chain to:
- Open the /opt/vmware/etc/lighttpd/lighttpd.conf file using a text editor:
- Add the entry:
- Restart the VAMI service:
Sorry to bump. Where do you find the CA Cert chain? I am having the same issue, and my cert is a .cer
Yes, this is known issue. If certificate is reflecting on web client for vCenter and PSC but not on vami interface, port 5480. Restart vami service