September 12, 2021

vSphere GoDaddy Wildcard Certificate replacement

I upgraded my vCenter server from 4.0 Patch 1 to 4.0 Update 1, and had some odd issues with an expired VMware certificate.  Rather than reinstalling vCenter 4.0 Update 1 from scratch, I decided to see if I could replace the SSL certificate in the same fashion as I did with vCenter 2.5 and VI3.

I used the previous method to create the rui.crt, rui.key, and rui.pfx files.

I then copied these files to the following location:
C:Program FilesVMwareVMware VirtualCenterSSL

I then restarted the VMware VirtualCenter Server and VMware VirtualCenter Management Webservices services.

At first when I used a web browser to access https://vcenter.jasemccarty.com/ everything appeared to be working correctly.  However, when I accessed https://vcenter.jasemccarty.com:8443/ I could not access the site at all.  Remember, that the VMware VirtualCenter Management Webservices run on port 8443 (by default).  How could I correct the issue?

Closer inspection of server.xml (located in C:Program FilesVMwareInfrastructuretomcatconf) revealed the problem.  The server.xml file was referencing an improper keystore file.  This is the file that keeps track of certificates that the system knows about.

I modified the Connector section of server.xml to read as follows:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”

maxThreads=”150″ scheme=”https” secure=”false”

clientAuth=”false” sslProtocol=”TLS”

keystoreFile=”C:ProgramDataVMwareVMware VirtualCenterSSLrui.pfx”

keystorePass=”password” keystoreType=”PKCS12″

ciphers = “SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,

TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA” />

I then restarted the VMware VirtualCenter Management Webservices and everything started properly.

I also reconfigured my NetApp Virtual Storage Console to use the same wildcard certificate, given that a self generated certificate is used, with the host name of VSC (prompts every time I use it).  I’ll go into that in my next blog post.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.