vCenter

  • 1.  SSL automation tool is not loading advanced configurations

    Posted Feb 23, 2014 03:05 PM

    Hello everyone,

    I'm trying to load a new SSL certificate on my vCenter server (Virtual Center 5.1 u1b). I already requested the certificate, created all the files needed, and I'm trying to load it on my environment.

    My vCenter server doesn't have the same name as the certificate; we use an alias to make the workstation connection to the VDI environment more user friendly.

    That is my issue, when I try to add the new certificate I received the message below:

    [.] ERROR: The leaf certificate doesn't have any CN or subjectAltName that matches the public address of the current machine. Rejecting the chain. To skip this check, set the `ssl_tool_no_cert_san_check' environment variable to 1.

    [.] ERROR: The supplied certificate chain is not valid.


    OK, I went to the config file and edited it. I enabled the ssl_tool_no_cert_san_check with variable 1 and restarted the tool.


    As soon as the Automation tool starts, the message below appears:


    F:\SSLAutomationTool1.0.1>ssl-updater.bat

    'ssl_tool_no_cert_san_check' is not recognized as an internal or external command, operable program or batch file.


    So the parameter that I need is not being loaded.

    Does anyone know how I can solve that?

    Thanks



  • 2.  RE: SSL automation tool is not loading advanced configurations

    Posted Feb 23, 2014 03:58 PM

    Yes, use the correct syntax in the batch file; you seem to have a typo there, as all it does is set an environment variable.

    Why did you not include the DNS alias in the subject alternate name field of the certificate? Forcing the certificate in this way will still produce certificate warnings for your end users.



  • 3.  RE: SSL automation tool is not loading advanced configurations
    Best Answer

    Posted Feb 23, 2014 05:10 PM

    Hello Frank, I'm not the owner of the certificate creation process.

    The company that I work for requests Symantec Verizon certificates and each additional DNS is charged. So only one name is added to the certificate.

    Regarding the issue, I added the line in bold below to the file ssl-updater.bat

    :updateVC_SSL

    set ssl_tool_no_cert_san_check=1

    call :echoAndLog "The services that are restarted as a part of this operation are: VMware VirtualCenter Server, VMware VirtualCenter Management Webservices and VMware vSphere Profile-Driven Storage Service."

    call "%~dp0tools\read-params.bat" -vc

    call:validateCertificateChainFully "%vc_cert_chain:"=%" "%vc_private_key:"=%"

    Thanks
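
Added example (not part of the thread and not VMware's code): a pre-flight check of which host names a certificate covers, following the "CN or subjectAltName" rule stated in the error message in post 1. The host names and certificate contents are constructed, and the dictionaries assume the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added illustration. All host names and certificate data below are constructed.

def cert_dns_names(cert):
    """Return lower-cased DNS SAN entries plus CNs from a getpeercert()-style dict."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return sans + cns

def name_matches(pattern, host):
    """Exact match, or a wildcard that replaces exactly the left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        # Require a multi-label suffix so "*.example" style patterns never match.
        return bool(head) and rest == pattern[2:] and "." in rest
    return False

def uncovered(cert, hosts):
    """Hosts that no CN or DNS SAN in the certificate matches."""
    names = cert_dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

# Constructed names: the machine's own FQDN and the user-facing DNS alias.
MACHINE = "vcenter01.corp.example"
ALIAS = "vdi.corp.example"

# Certificate issued for the alias only (the situation described in the thread).
ALIAS_ONLY = {
    "subject": ((("commonName", ALIAS),),),
    "subjectAltName": (("DNS", ALIAS),),
}
# Certificate that lists both names in subjectAltName.
BOTH_NAMES = {
    "subject": ((("commonName", ALIAS),),),
    "subjectAltName": (("DNS", ALIAS), ("DNS", MACHINE)),
}

if __name__ == "__main__":
    for label, cert in (("alias only", ALIAS_ONLY), ("both names", BOTH_NAMES)):
        missing = uncovered(cert, [MACHINE, ALIAS])
        print(f"{label}: not covered -> {missing or 'none'}")
```

Any name reported as not covered is one that clients connecting by that name will still be warned about, whether or not the tool's SAN check is skipped.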