{"id":435,"date":"2009-12-19T00:32:46","date_gmt":"2009-12-19T05:32:46","guid":{"rendered":"http:\/\/www.jasemccarty.com\/blog\/?p=435"},"modified":"2009-12-19T00:32:46","modified_gmt":"2009-12-19T05:32:46","slug":"vsphere-godaddy-wildcard-certificate-replacement","status":"publish","type":"post","link":"https:\/\/www.jasemccarty.com\/blog\/vsphere-godaddy-wildcard-certificate-replacement\/","title":{"rendered":"vSphere GoDaddy Wildcard Certificate replacement"},"content":{"rendered":"<p>I upgraded my vCenter server from 4.0 Patch 1 to 4.0 Update 1, and had some odd issues with an expired VMware certificate.\u00a0 Rather than reinstalling vCenter 4.0 Update 1 from scratch, I decided to see if I could replace the SSL certificate in the same fashion as I did with <a title=\"Go Daddy Wildcard Certificate with VI3\" href=\"http:\/\/www.jasemccarty.com\/blog\/?p=107\" target=\"_self\"><strong>vCenter 2.5 and VI3<\/strong><\/a>.<\/p>\n<p>I used the previous method to create the rui.crt, rui.key, and rui.pfx files.<\/p>\n<p>I then copied these files to the following location:<br \/>\n<strong>C:Program FilesVMwareVMware VirtualCenterSSL<\/strong><\/p>\n<p>I then restarted the VMware VirtualCenter Server and VMware VirtualCenter Management Webservices services.<\/p>\n<p>At first when I used a web browser to access <strong>https:\/\/vcenter.jasemccarty.com\/<\/strong> everything appeared to be working correctly.\u00a0 However, when I accessed <strong>https:\/\/vcenter.jasemccarty.com:8443\/<\/strong> I could not access the site at all.\u00a0 Remember, that the VMware VirtualCenter Management Webservices run on port 8443 (by default).\u00a0 How could I correct the issue?<\/p>\n<p>Closer inspection of server.xml (located in<strong> C:Program FilesVMwareInfrastructuretomcatconf<\/strong>) revealed the problem.\u00a0 The server.xml file was referencing an improper keystore file.\u00a0 This is the file that keeps track of certificates that the system knows about.<\/p>\n<p>I modified the Connector section of server.xml to read as follows:<\/p>\n<blockquote><p>&lt;Connector port=&#8221;8443&#8243; protocol=&#8221;HTTP\/1.1&#8243; SSLEnabled=&#8221;true&#8221;<\/p>\n<p>maxThreads=&#8221;150&#8243; scheme=&#8221;https&#8221; secure=&#8221;false&#8221;<\/p>\n<p>clientAuth=&#8221;false&#8221; sslProtocol=&#8221;TLS&#8221;<\/p>\n<p>keystoreFile=&#8221;C:ProgramDataVMwareVMware VirtualCenterSSLrui.pfx&#8221;<\/p>\n<p>keystorePass=&#8221;password&#8221; keystoreType=&#8221;PKCS12&#8243;<\/p>\n<p>ciphers = &#8220;SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,<\/p>\n<p>TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA&#8221; \/&gt;<\/p><\/blockquote>\n<p>I then restarted the VMware VirtualCenter Management Webservices and everything started properly.<\/p>\n<p>I also reconfigured my NetApp Virtual Storage Console to use the same wildcard certificate, given that a self generated certificate is used, with the host name of VSC (prompts every time I use it).\u00a0 I&#8217;ll go into that in my next blog post.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I upgraded my vCenter server from 4.0 Patch 1 to 4.0 Update 1, and had some odd issues with an expired VMware certificate.\u00a0 Rather than &hellip; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-435","post","type-post","status-publish","format-standard","hentry","category-virtualization"],"_links":{"self":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts\/435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/comments?post=435"}],"version-history":[{"count":0,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/posts\/435\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/media?parent=435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/categories?post=435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jasemccarty.com\/blog\/wp-json\/wp\/v2\/tags?post=435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}