8 Responses

  1. Dean Colpitts
    Dean Colpitts at |

    Hmm – nice timing on the posting. Last weekend I attempted to do just this on my vCenter server (to satisfy XenDesktop 5.5) using our wildcard GoDaddy SSL certificate (i.e. *.domain.local) and failed. I tried again this morning, and even with this updated KB article (KB Article: 2009857), my vCenter Service Status and Hardware Status tabs fail to work (as per KB Article: 2007824). I tried this a couple of times now using a .pfx with the entire certificate chain and one without the entire certificate chain. I had also noticed a posting somewhere along the way that that if the rui.crt had any text above "—–BEGIN CERTIFICATE—–" that you would get errors – removing this text didn't help.

    Any further thoughts or solutions?

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Hi Dean,

      I would recommend that you review my post on updating vCenter Certificates. There are a lot of steps to run through to successfully make it work. You have to get the exact right attributes in your certificate and you have to ensure the integrity of the certificate file from any unnecessary characters. You also have to produce the PFX file with special attributes. Follow the process in The Trouble with CA SSL Certificates and vCenter 5. I've been helping a couple of people with this and the biggest problem has been missing attributes from the generated certificates.

      Reply
  2. Common Mistakes Implementing CA Signed SSL Certs in vSphere « Long White Virtual Clouds

    […] The best advice here is to follow the steps in my blog articles (Refer to the posts listed Updating CA SSL Certificates in vSphere 5) carefully and watch out for updated VMware documentation and KB articles. Always have a backup of […]

  3. Updating SSL Certificate in vShield Manager Made Easy « Long White Virtual Clouds

    […] you are probably aware by now (If you’ve read my previous posts on the SSL Cert Topic – Updating CA SSL Certs in vSphere 5)  there have been a number of examples where the documentation isn’t quite complete or easy […]

  4. Jose Garcia
    Jose Garcia at |

    Hello,

    I don't know if you are aware of KB: 2013352 (Replacing the default SSL certificates for VMware vCenter Server Appliance)

    While the steps provided seem fairly simple, they do not work.

    When restarting the vpxd service as instructed, the following error is thrown:

    "Waiting for vpxd to initialize: .failed"

    Also, no information is provided regarding the password to be used in the PFX certificate file. Can we use any password?

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Hi Jose, The password for the pfx must be testpassword. There is a link at the bottom of the KB that points you to generating the customer SSL certificate, you can also follow those instructions. Here is the link. http://kb.vmware.com/kb/1029944.

      You should review my instructions for changing the SSL cert on the vCenter Server Appliance. http://longwhiteclouds.com/2012/02/13/vcenter-ser…. I hope this helps.

      Reply
  5. vCert Manager – Changing VMware SSL Certs Made Easy « Long White Virtual Clouds

    […] you still want to do your certificates manually then please feel free to check out my article on Updating SSL Certificates in vSphere 5. I look forward to receiving some good feedback and […]

  6. Automating SSL Certificate Expiry Validation for vCenter Server + ESX(i) Hosts | virtuallyGhetto

    […] details on how to replace the default SSL certificates, you should take a look at the fantastic articles written by Michael Webster who details the process, provides some troubleshooting steps and best […]

Leave a Reply