VMware Cloud Community
dharmendrarhce
Enthusiast
Enthusiast
‎03-18-2018 05:52 AM

VMware PSC certifate

I have updated VMware PSC root ssl certifate using vcenter web GUI.

After updating certifate i am unable to login other Vcenter .

Getting errror . Error details in the attchmenat.

Someone can help pls .

Preview file
139 KB
0 Kudos
10 Replies
MohamadAlhousse
Enthusiast
Enthusiast
‎03-18-2018 02:35 PM

hi dharmendrarhce​,

Please can we know the version of the PSC controller and whether you have PSCs running in HA mode or just a single external PSC ?

Regards,

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly. Cheers, @vExpertConsult www.vexpertconsultancy.com VCIX-DCV 2018 | VCIX-NV 2019 | VCAP7-CMA Design | vSAN Specialist | vExpert ** | vExpert NSX | vExpert vSAN
0 Kudos
dharmendrarhce
Enthusiast
Enthusiast
‎03-18-2018 06:32 PM

We are using 6.5 version and it is single machine .

0 Kudos
RajeevVCP4
Expert
Expert
‎03-18-2018 10:55 PM

To work around this issue if you are unable to upgrade, copy the /usr/lib/vmware-sso/bin/UpdateLsEndpoint.py file from 6.5 GA for updating the end points.

Vmware KB 2150779

Rajeev Chauhan
VCIX-DCV6.5/VSAN/VXRAIL
Please mark help full or correct if my answer is use full for you
0 Kudos
dharmendrarhce
Enthusiast
Enthusiast
‎03-18-2018 11:17 PM

Ok. is you mean to say that I have to copy the other file from my PSC server to vcenter server in the same location ??

0 Kudos
RajeevVCP4
Expert
Expert
‎03-19-2018 06:49 AM

For further checking please attach recent

vsphere_client_virgo.log

and time stamp when issue occurred

Rajeev Chauhan
VCIX-DCV6.5/VSAN/VXRAIL
Please mark help full or correct if my answer is use full for you
0 Kudos
Vijay2027
Expert
Expert
‎03-19-2018 06:57 AM

Is this PSC behind a LB setup?

0 Kudos
Yuva_1990
Hot Shot
Hot Shot
‎03-19-2018 07:25 AM

Customer mentioned that psc is a single machine ideally there should not be load balancer

0 Kudos
Yuva_1990
Hot Shot
Hot Shot
‎03-19-2018 07:30 AM

Can you help us with the exact version of the psc and Vcenter

Regards

Yuvaraj

0 Kudos
dharmendrarhce
Enthusiast
Enthusiast
‎03-19-2018 08:03 AM

We have 1 PSC 6.5 Machine with out LB and that is connected with one vcenter 6.5 appliance .

I have root & machine SSL CA certificate . After SSL certificate update We are unable to login in the vcenter

any help ?

0 Kudos
MohamadAlhousse
Enthusiast
Enthusiast
‎03-19-2018 08:49 AM

Hi dharmendrarhce

This error appears if the key length of the root CA is greater than 2048. Keys with 4096 and greater length are causing issues.

If you have a Microsoft CA you can do the following to resolve your issue:

1. Create a CAPolicy.inf in C:\Windows

2. In the CAPolicy.inf put:

     [Certsrv_Server]

     RenewalKeyLength=2048

     RenewalValidityPeriod=Years

     RenewalValidityPeriodUnits=10

3. Renew the CA root certificate and accept regenerating the key and you’re done.

4. Reset PSC and VCSA certificate and import the new generated SSL certificates again.

Regards,

Mohamad

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly. Cheers, @vExpertConsult www.vexpertconsultancy.com VCIX-DCV 2018 | VCIX-NV 2019 | VCAP7-CMA Design | vSAN Specialist | vExpert ** | vExpert NSX | vExpert vSAN
0 Kudos