I upgraded my vCenter server from 4.0 Patch 1 to 4.0 Update 1, and had some odd issues with an expired VMware certificate. Rather than reinstalling vCenter 4.0 Update 1 from scratch, I decided to see if I could replace the SSL certificate in the same fashion as I did with vCenter 2.5 and VI3.
I used the previous method to create the rui.crt, rui.key, and rui.pfx files.
I then copied these files to the following location:
C:Program FilesVMwareVMware VirtualCenterSSL
I then restarted the VMware VirtualCenter Server and VMware VirtualCenter Management Webservices services.
At first when I used a web browser to access https://vcenter.jasemccarty.com/ everything appeared to be working correctly. However, when I accessed https://vcenter.jasemccarty.com:8443/ I could not access the site at all. Remember, that the VMware VirtualCenter Management Webservices run on port 8443 (by default). How could I correct the issue?
Closer inspection of server.xml (located in C:Program FilesVMwareInfrastructuretomcatconf) revealed the problem. The server.xml file was referencing an improper keystore file. This is the file that keeps track of certificates that the system knows about.
I modified the Connector section of server.xml to read as follows:
<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”false”
ciphers = “SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA” />
I then restarted the VMware VirtualCenter Management Webservices and everything started properly.
I also reconfigured my NetApp Virtual Storage Console to use the same wildcard certificate, given that a self generated certificate is used, with the host name of VSC (prompts every time I use it). I’ll go into that in my next blog post.