VMware Cloud Community
Cobion2018
Contributor

Based on the current configuration, the SSL certificate of the authentication server was not trusted.

Good afternoon. The term of our SSL certificate for vCenter Server 6.5 expired 06.03.2019, and after connecting to the vCenter server through the web interface I got an error like: Based on the current configuration, the SSL certificate of the authentication server was not trusted. vCenter is managed through the vCenter Server Appliance web interface (version 6.5). I tried to generate a certificate using this article: https://youtu.be/oRo9V1YWSJM. But as a result of the set process, there were errors like Don't Update, and an attempt to roll back to the previous settings also gave Don't Update. As a result, the web interface page at https://vcenter.spbren.ru is now completely inaccessible.


We have our own internal certification authority and VMware vSphere Appliance Management Embedded PSD, which for some reason issued some other certificate.


What I tried to do:

1. https://kb.vmware.com/kb/2112283 According to this recommendation, we tried to reset the certificates to self-signed, so that we could use vCenter via the web interface. But every time we try, we get a rollback of the form:

When attempting to reset SSL certificates, when the default configuration is requested, it is mandatory to specify hostname and VMCA.

- Tried the hostname, the FQDN, and both comma-separated; useless;

- When selecting items 4 and 8, the situation is similar: all actions go to the "rollback" of the operation and also fail.

root@vcenter [ ~ ] # hostname

vcenter

root@vcenter [ ~ ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

vcenter.spbren.ru

In both cases (we tried both the domain name and the short name) the result is the same:

Please provide valid SSO and VC priviledged user credential to perform certificate operations.

Enter username [Administrator@vsphere.local]:administrator

Enter password:

certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y

Press Enter key to skip optional parameters or use Previous value.

Enter proper value for 'Country' [Previous value : RU] :

Enter proper value for 'Name' [Previous value : vcenter.spbren.ru] :

Enter proper value for 'Organization' [Previous value : LLC SPB Renovation] :

Enter proper value for 'OrgUnit' [Previous value : IT] :

Enter proper value for 'State' [Previous value : Len] :

Enter proper value for 'Locality' [Previous value : Saint-Petersburg] :

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] :

Enter proper value for 'Email' [Previous value : adn@spbren.ru] :


Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : vcenter

Enter proper value for VMCA 'Name' :vcenter

Error while reverting certificate for store : MACHINE_SSL_CERT

Rollback Status : 0% Completed [Rollback operation failed]

Error while performing rollback operation, please try Reset operation...

2. Tried to renew and replace certificates with our internal certification authority, following these articles:

Replace your vCenter vSphere 6.5 Certificates using your own CA

VMware Knowledge Base

VMware Knowledge Base

The same error for any operation to reset the certificates:

Error while reverting certificate for store : MACHINE_SSL_CERT

Rollback Status : 0% Completed [Rollback operation failed]

Error while performing rollback operation, please try Reset operation...

What could be the problem? Thank you!
1 Reply
Charden312
Contributor

Please try with a UPN for the user name (i.e. administrator@vsphere.local).
Verify that the DNS entry resolves to the server.

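The two checks suggested in the reply, together with the FQDN requirement stated by the 'Hostname' prompt, written as a small pre-flight script. This is an added example, not part of the thread or of any VMware tooling; the function names, the `RESOLVER` variable and the expected-address argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the values typed at the prompts above.
# RESOLVER is an assumption: any command that prints "ADDRESS NAME" lines
# for a host name, as `getent hosts` does.
RESOLVER=${RESOLVER:-getent hosts}

# True when $1 has the user@domain (UPN) form, e.g. administrator@vsphere.local.
is_upn() {
    case "$1" in
        *@*@*|@*|*@) return 1 ;;
        *@*.*)       return 0 ;;
        *)           return 1 ;;
    esac
}

# True when $1 is a fully qualified name (at least two dot-separated labels).
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# True when forward DNS for $1 returns the expected server address $2.
resolves_to() {
    $RESOLVER "$1" 2>/dev/null |
        awk -v ip="$2" '$1 == ip { found = 1 } END { exit !found }'
}

# Run all checks; print one line per problem and return non-zero if any fail.
preflight() {   # $1 = SSO user, $2 = hostname, $3 = expected server address
    rc=0
    is_upn "$1"           || { echo "user '$1' is not a UPN (user@domain)"; rc=1; }
    is_fqdn "$2"          || { echo "hostname '$2' is not an FQDN"; rc=1; }
    resolves_to "$2" "$3" || { echo "'$2' does not resolve to $3"; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh USER FQDN EXPECTED_ADDRESS
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

With the values entered in the session above (`administrator` and `vcenter`), the first two checks fail before DNS is even consulted.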