Friday, June 05, 2009

How to replace SSL cert in VirtualCenter

When replacing a SSL cert, there might be chance to cause encryption problems between ESX and VC. Doing it improperly will lose permissions setting, and it will take a long time for it to get stabilized.

To generate a new SSL cert, we can follow the instruction here at KB 1009092, or in Leo's blog. The way they listed to install a new SSL cert could be working for someone, but it didn't work on many other folks like this one, and this one. Here I list some basic steps that needed to perform in order to have a smooth change.

1) Disable HA

2) Disconnect ESX from VC

3) Stop VC service

4) Replace SSL cert

5) Start VC service

6) Reconnect ESX to VC with root/pw

If it still have issues, like having an error of vim.faultlogin, we can remove VC agent, and delete vpxuser from SC. Reconnecting ESX to VC will recreate the user and reinstall the VC agent.

Here are a couple KBs and articles might be helpful with changing SSL cert:

Enabling Server-Certificate Verification for Virtual Infrastructure Clients

Configuring Custom SSL Certificates in VirtualCenter 2.5

No comments: