VMware vSphere

  • 1.  How do I update GoDaddy Trusted Root cert?

    Posted Feb 10, 2020 05:23 PM

    Hi all.

    So I am wracking my brain on this one. I've tried everything I could find between Google searches and VMware's own documentation.

    While I know it is not supported by VMware, we have a wildcard cert (this predates me) on our vCenter (Windows) 6.0 with embedded PSC.

    This GoDaddy cert has officially expired.

    I went on to GoDaddy's website, downloaded the Tomcat version of the updated cert and have tried on multiple occasions, using both the web interface and CLI, to add the certificate. While it never gives me any error, and in fact says it has successfully added it, it never ever shows up.

    I was thinking about removing the expired one and trying again, thinking that maybe it would make a difference, but quite frankly, I am terrified to do this without any real understanding of Certs.

    I am not very familiar with certificates, regardless of it being VMware or anything else. I just don't understand them.

    What I can say is, this is a deprecated vCenter server for us which is only hosting 2-3 virtual machines, as we've already migrated to a newer platform on all new hardware running 6.5. In fact, the newer vCenter doesn't even have a wildcard cert. So with that, what would the repercussions be for removing this wildcard cert entirely and not even replacing it?

    Could anyone out there help point me in the right direction?

    Thank you so much in advance.



  • 2.  RE: How do I update GoDaddy Trusted Root cert?
    Best Answer

    Posted Feb 10, 2020 07:36 PM

    If you import a certificate to vCenter you must have the corresponding private key as well. Without that private key you cannot add the certificate to vCenter. I think that is the reason it is not working with the GoDaddy certificate.

    You can safely remove the expired certificate. As a matter of fact, you should remove an expired certificate: Removing Expired or Revoked Certificates and Logs from Failed Installations

    And if you want a new certificate you can always regenerate the certificate in vCenter: VMware Knowledge Base



  • 3.  RE: How do I update GoDaddy Trusted Root cert?

    Posted Feb 10, 2020 07:39 PM

    Fair enough. I will go ahead and remove the expired certificate.

    Would there be any need to replace it, though?



  • 4.  RE: How do I update GoDaddy Trusted Root cert?

    Posted Feb 10, 2020 08:12 PM

    If the vCenter is decommissioned I wouldn't bother...



  • 5.  RE: How do I update GoDaddy Trusted Root cert?

    Posted Nov 21, 2024 11:12 AM
    Edited by ChrisLeblanc Nov 21, 2024 11:12 AM

    I wanted to add to this to help others. (Do look forward to feedback to confirm my steps.)

    I just installed a GoDaddy cert. (One tip: test it locally first to see it is seen as valid.)

    I didn't have the GoDaddy root in the Cert bundle I was given. I got the root here:

    https://certs.godaddy.com/repository

    I installed that locally and the cert file couldn't be validated. (Note, I make a copy of the cert file with a .cer extension so I can open it in Windows.)

    I installed the intermediate cert locally (gd-g2_iis_intermediates.p7b) and was able to validate the cert file in Windows now, as the chain showed.

    I don't know if this was needed, but I converted the p7b file to a .cer so I could add it as a 2nd trusted root in VCSA.

    Converted with OpenSSL:

    openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer

    I imported this into VCSA so I now have 2 GoDaddy trusted roots.

    I realize this thread is for trusted roots only, but do want to add that for my cert import, the chain part was the intermediate and root files combined.

    For removal of an old trusted root, there are shell commands you can find. There is a vCert tool, not publicly available, that you can get via an SR and that has a remove option as well.
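
Added example (not part of the thread and not written by any of its posters): a script that runs the two checks discussed above before an import, namely that the private key matches the certificate (post 2) and that the certificate validates through the intermediate bundle to the root after the `.p7b` conversion (post 5). The function names, file names and the throwaway PKI it builds are constructed for illustration; it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Added example: pre-import checks run on a constructed (throwaway) PKI.
# Function and file names are hypothetical; none come from VMware or GoDaddy.

# Succeeds only if KEY is the private key belonging to CERT.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if LEAF chains through INTERMEDIATES up to the trusted ROOT.
chain_ok() {  # usage: chain_ok ROOT INTERMEDIATES LEAF
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# PEM .p7b bundle -> concatenated PEM certificates (the command from the thread).
p7b_to_pem() {  # usage: p7b_to_pem IN.p7b OUT.cer
  openssl pkcs7 -print_certs -in "$1" -out "$2"
}

# Builds root -> intermediate -> leaf plus an unrelated key in DIR (all constructed).
make_test_pki() {  # usage: make_test_pki DIR
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int leaf other; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null &&
  openssl crl2pkcs7 -nocrl -certfile "$d/int.pem" -out "$d/int.p7b"
}

d=$(mktemp -d) && make_test_pki "$d" && p7b_to_pem "$d/int.p7b" "$d/int.cer"
chain_ok "$d/root.pem" "$d/int.cer" "$d/leaf.pem" && echo "chain: complete"
chain_ok "$d/root.pem" "$d/root.pem" "$d/leaf.pem" || echo "chain: broken without intermediate"
key_matches_cert "$d/leaf.pem" "$d/leaf.key" && echo "key: matches certificate"
key_matches_cert "$d/leaf.pem" "$d/other.key" || echo "key: unrelated key rejected"
```

With real files, pass the downloaded root, the converted intermediate bundle and the issued certificate to `chain_ok`, and the certificate plus the key generated with the original CSR to `key_matches_cert`.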