vCenter

 View Only
  • 1.  Possible Certificate Issue

    Posted Mar 28, 2018 06:25 PM

    I have a strange problem that I have been working on all day and just don't know what else to do.

    I migrated my internal CA to 2016 server which required me to update my certs for vSphere.  I went though the steps and thought all was good until I tried to SSH into the VMCA.  I kept getting Access Denied errors when logging in with the root account.  It eventually locked the account and found steps to unlock it and I even tried resetting the password.

    Now here is what is strange.  All of my hosts and vCenter show the correct certificate in my browser.  Even the PSC URL is good (https://vmca.domain.com/psc).  I am able to login all fine and dandy.  However, if I go to https://vmca.domain.com:5480 it shows the certificate from my old 2012 CA which is no longer online and I cannot login.  But if I go to https://vmca:5480 I can login but the certificate is still wrong.

    I also cannot access the VMCA with WinSCP, keeps giving me authentication errors.  I cannot SSH into it with my root account, just keeps saying Access Denied.  I can SSH with my administrator@vsphere.local account but I can't do a whole lot.

    So what I want to do is reset everything back to self-signed certs and go through the process again but cannot get anywhere.  Hoping someone has some ideas for me to try.  Any help would be appreciated.

    Thanks.



  • 2.  RE: Possible Certificate Issue

    Posted Mar 29, 2018 11:27 AM

    I resolved my Access Denied error when trying to SSH into vCenter by following this article:

    VMware Knowledge Base

    In my case I had set it to /bin/bash/ instead of /bin/bash

    But I still have the certificate issue when attempting to get to https://vcsa.domain.com:5480.  It gives me an invalid certificate error and I cannot login.  But if I go to https://vcsa:5480 I can login and see that my certificate is still from my old CA.  Would like to fix this as it is bugging me.  Any ideas are welcome.



  • 3.  RE: Possible Certificate Issue
    Best Answer

    Posted Mar 29, 2018 01:31 PM

    port 5480 is VAMI page

    Note :Ensure to take  vcenter/PSC snapshot before trying any steps

    Can you try the steps in the KB

    VMware Knowledge Base

    Thanks,

    MS



  • 4.  RE: Possible Certificate Issue

    Posted Mar 29, 2018 02:23 PM

    Thank you so much, worked like a champ.