0 Replies Latest reply on Mar 13, 2019 1:43 PM by Cobion2018

    Based on the current configuration, the SSL certificate of the authentication server was not trusted.

    Cobion2018 Novice

      Good afternoon.The term of our language language language SLL certificate for vCenter server and 6.5 expired 06.03.2019 and after connecting to the vCenter server and through the web interface I got an error like : Based on the current configuration, the SSL certificate of the authentication server was not trusted. VCenter is managed through the vCenter Server Appliance Web interface (version 6.5)I tried to generate a certificate using this article:https://youtu.be/oRo9V1YWSJM .But as a result of the set process, there were errors like Don't Update and an attempt to roll back to the previous settings and also Do'nt Update. As a result, now turning at https://vcenter.spbren.ru quite inaccessible page of the web interface.

       

      We have our own internal certification authority and VMware vSphere Appliance Management Embeded PSD, which for some reason issued some other certificate.

      What I tried to do:

      1.  https://kb.vmware.com/kb/2112283  According to this recommendation, we tried to reset the certificates to self-signed, so that we could use vCenter via the Web interface. But every time we try to get a RollBack of the form:

      According to this recommendation, we tried to reset the certificates to self-signed, so that we could use vCenter via the Web interface. when attempting to reset SSL certificates when requesting the default configuration, it is mandatory to specify hostname and VMCA.

      - Tried hostname and FQDN and comma separated, useless;

      -  when you select items 4 and 8, the situation is similar and all actions go to the "rollback" of the operation and also fail.

       

      root@vcenter [ ~ ] # hostname

      vCenter server

      root@vCenter server [ ~ ]# /usr/lib/VMware vmfs/bin/vmafd-CLI and you-pnid --server localhost vcenter.spbren.ru

      In both cases, tried and domain name and short, the result is the same:

      Please provide valid SSO and VC priviledged user credential to perform certificate operations.

      Enter username [Administrator@vsphere.local]:administrator

      Enter password:

      1. certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y Press Enter key to skip optional parameters or use Previous value.

      Enter proper value for 'Country' [Previous value : RU] :

      Enter proper value for 'Name' [Previous value : vcenter.spbren.ru] :

      Enter proper value for 'Organization' [Previous value : LLC SPB Renovation] :

      Enter proper value for 'OrgUnit' [Previous value : IT] :

      Enter proper value for 'State' [Previous value : Len] :

      Enter proper value for 'Locality' [Previous value : Saint-Petersburg] :

      Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] :

      Enter proper value for 'Email' [Previous value : adn@spbren.ru] :

       

       

       

      Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : vcenter Enter proper value for VMCA 'Name' :vcenter

        Error while reverting certificate for store : MACHINE_SSL_CERT Rollback Status : 0% Completed [Rollback operation failed]

      Error while performing rollback operation, please try Reset operation...

      2.Tried to renew and replace certificates with our internal certification authority under the following articles:

      Replace your vCenter vSphere 6.5 Certificates using your own CA

      VMware Knowledge Base

      VMware Knowledge Base

      The same error for any operation to reset the certificates:

      Error while reverting certificate for store : MACHINE_SSL_CERT Rollback Status : 0% Completed [Rollback operation failed]

      Error while performing rollback operation, please try Reset operation...

      What could be the problem ? Thank you!