First take vCenter VM snapshot for backup purpose.
Take note of host where the vCenter VM resides while starting the activity.
Take Access of vCenter Shell to create a certificate CSR request.
root@prod-vcsa71 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
Now copy the CSR file content in notepad file and save as .txt or .csr
Once have the CSR, generate a certificate by using this CSR.
Now copy the certificate file to the vcenter along with the RootCA certificate.
Start process for Import the certificate.
root@prod-vcsa71 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
Provide certificate file location as per below the snip, Once all details provided it will take around 20-30 mins depending on the vCenter performance.
Once all required services started properly it will give the status as mentioned below.
Now try to access the vCenter from WebGUI, It is now secure.
Also try to access the vCenter Appliance Management Interface, It will still show the certificate error, to resolve this, restart the vami https service as mentioned below.
root@prod-vcsa71 [ /opt ]# /sbin/service vami-lighttpd restart
Now again try to access the vCenter Appliance Management Interface, It will also start with SSL certificate.
To check service status:
root@prodvcenter [ ~ ]# service-control --status --all
To check logs if anything fails.
root@prodvcenter [ ~ ]# tail -f /var/log/vmware/vmcad/certificate-manager.log
If Certificate import files due to content-library service fails to start, increase Start time in below mentioned file from 300 to 600sec.
root@prodvcenter [ ~ ]# vi /etc/vmware/vmware-vmon/svcCfgfiles/vdcs.json
No comments:
Post a Comment