3 Replies Latest reply on Dec 13, 2019 5:30 AM by paluszekd

    vCAV 3.0 & vCD 9.7 Initial Setup Cert issue

    webdude2000 Lurker

      I have most of the environment on self gen certs except for the VCD cells which are on a proper SSL public wildcard cert.

       

      When I run the Initial Setup from vCloud Availability on step 3. vCloud Director, when I enter the URL and VCD administrator@system with the password I use to log in, it gives an error:

       

      Could not find SSL/X509 certificate from "https://my-vcd-url/api" (I changed the URL name for this post)

       

      I thought perhaps the vCAV needed the cert imported, so I then imported the cert under https://url:8441 backend.

      Note, I don't have the vCAV setup set up on DNS for the public name, merely internal DNS.

       

      So I am not sure if I needed to import the wildcard cert and if I did, it stands to reason that like with the VCD setup, I need to change to the respective domain name for each vCAV appliance.

       

      Anyone seen this issue?

        • 1. Re: vCAV 3.0 & vCD 9.7 Initial Setup Cert issue
          Jauneorange972 Novice

          Hi,

           

          Take a look at this KB (VMware Knowledge Base): the wildcard needs to be imported on the management appliance (not the tunnel appliance, I made this error). By the way, I don't understand why, but it works.

           

          The hostname on the management appliance must correspond to the public FQDN without the DNS suffix.

           

          And after all these modifications you need to restart the services and check that all are green on system monitoring.

           

          Best regards

          • 2. Re: vCAV 3.0 & vCD 9.7 Initial Setup Cert issue
            KFM Enthusiast

            To be clear, the hostname on the actual management appliance does not need to be the same as the public FQDN. In our environment we use our internal naming scheme to assign hostnames to the appliances and everything works fine from the Internet.

             

            The trickiest thing I've found with vCAv is DNS resolution (depending if you're using split DNS) and the firewall rules depending if you deploy the components in the VMware recommended zones (trusted for all components except for the Tunnel which lives in the DMZ).

             

            To the OP - are you still experiencing issues with your deployment?

            • 3. Re: vCAV 3.0 & vCD 9.7 Initial Setup Cert issue
              paluszekd Hot Shot
              VMware Employees, vExpert

              1. You can utilize a wildcard cert for the CRM, but it MUST be unique between cloud sites.

              2. DNS resolution is imperative for pairing to VCD - especially the communication path. Ensure the vCAv CRM has the proper route to the VCD instance for pairing.

               

              -Daniel
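
The replies above point at two separate causes, DNS resolution and certificate name coverage. The following is an added example, not part of the thread and not VMware code: a Python check, run from a machine on the same network as the appliance, that separates a name that does not resolve from a certificate that is not trusted or does not cover the name. All hostnames in it are constructed placeholders.

```python
import socket
import ssl

def san_matches(hostname, pattern):
    """RFC 6125 style: '*' is only the whole left-most label and covers one label."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def covered_by(hostname, sans):
    """True if any DNS subjectAltName entry covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)

def diagnose(host, port=443, timeout=5.0):
    """Classify a failure as DNS, TLS trust/name, or plain reachability."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        addrs = sorted({ai[4][0] for ai in infos})
    except socket.gaierror as exc:
        return f"dns: {host} does not resolve from this machine ({exc})"
    ctx = ssl.create_default_context()   # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return f"ok: {addrs} SANs={sans} covered={covered_by(host, sans)}"
    except ssl.SSLCertVerificationError as exc:
        return f"tls: chain or name rejected: {exc.verify_message}"
    except OSError as exc:
        return f"network: cannot reach {addrs} on port {port} ({exc})"

if __name__ == "__main__":
    # Constructed names: a public wildcard and the names an appliance might use.
    sans = ["*.example.com"]
    for name in ("vcd.example.com", "vcd.cloud.example.com", "vcav-mgr.corp.local"):
        print(name, "covered by wildcard:", covered_by(name, sans))
    print(diagnose("vcd.example.com"))   # replace with the VCD URL host
```

A `dns:` or `network:` result points at split DNS, routing or firewall rules rather than at the certificate itself.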