Setup Failed To Generate The Ssl Keys Vmware

Posted on by

Apr 10, 2014  This is a multi part video series to compliment the white paper on Deploying a Centralized VMware vCenter Single Sign-On Server with a Network Load Balancer. As you want to do generate CSR, select option number 1 Replace SSL certificate with Custom Certificate then the Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate. Make sure to enter the correct hostname according to your vCenter hostname when it asked about subject alternative name or hostname. Create backups of the original, default certificate and key to a safe location, in case you have problems and must restore your system to its previous state. 4 Copy the newly generated self-signed certificate (rui.key and rui.crt) to the default location for vCenter Server certificates. During installation, the setup program invokes a copy of openssl.exe on the command line. If a copy of openssl.exe is already present on the computer and in the PATH variable, the wrong version of openssl.exe may be executed and cause the Workstation installation to fail. VMware strongly recommends that you configure SSL certificates for authentication of View Connection Server instances, security servers, and View Composer service instances. A default SSL server certificate is generated when you install View Connection Server.

  1. Setup Failed To Generate The Ssl Keys Vmware Login
  2. Vmware Server Setup Failed To Generate The Ssl Keys
  3. Setup Failed To Generate The Ssl Keys Necessary To Run Vmware Server

The machine SSL certificate is used by the reverse proxy service on every management node, Platform Services Controller, and embedded deployment. Each machine must have a machine SSL certificate for secure communication with other services. You can replace the certificate on each node with a custom certificate.

Before you start, you need a CSR for each machine in your environment. You can generate the CSR using vSphere Certificate Manager or explicitly.

  1. To generate the CSR using vSphere Certificate Manager, see Generate Certificate Signing Requests with vSphere Certificate Manager (Custom Certificates).

  2. To generate the CSR explicitly, request a certificate for each machine from your third-party or enterprise CA. The certificate must meet the following requirements:

    • Key size: 2048 bits or more (PEM encoded)

    • CRT format

    • x509 version 3

    • SubjectAltName must contain DNS Name=<machine_FQDN>.

    • Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment

Note:

Do not use CRL Distribution Points, Authority Information Access, or Certificate Template Information in any custom certificates.

See also VMware Knowledge Base article 2112014, Obtaining vSphere certificates from a Microsoft Certificate Authority. Generate rsa key windows git.

Setup Failed To Generate The Ssl Keys Vmware Login

  1. Start vSphere Certificate Manager and select option 1.
  2. Select option 2 to start certificate replacement and respond to the prompts.

    vSphere Certificate Manager prompts you for the following information:

    • Password for administrator@vsphere.local.

    • Valid Machine SSL custom certificate (.crt file).

    • Valid Machine SSL custom key (.key file).

    • Valid signing certificate for the custom machine SSL certificate (.crt file).

    • If you are running the command on a management node in a multi-node deployment, IP address of the Platform Services Controller.

Vmware Server Setup Failed To Generate The Ssl Keys

If you are upgrading from a vSphere 5.x environment, you might have to replace the vCenter Single Sign-On certificate inside vmdir. See Replace the VMware Directory Service Certificate in Mixed Mode Environments.

Your company's security policy might require that you replace the default ESXi SSL certificate with a third-party CA-signed certificate on each host.

By default, vSphere components use the VMCA-signed certificate and key that are created during installation. If you accidentally delete the VMCA-signed certificate, remove the host from its vCenter Server system, and add it back. When you add the host, vCenter Server requests a new certificate from VMCA and provisions the host with it.

Replace VMCA-signed certificates with certificates from a trusted CA, either a commercial CA or an organizational CA, if your company policy requires it.

Setup Failed To Generate The Ssl Keys Necessary To Run Vmware Server

The default certificates are in the same location as the vSphere 5.5 certificates. You can replace the default certificates with trusted certificates in various ways.

Note: You can also use the vim.CertificateManager and vim.host.CertificateManager managed objects in the vSphere Web Services SDK. See the vSphere Web Services SDK documentation.
Setup failed to generate the ssl keys vmware login

After you replace the certificate, you have to update the TRUSTED_ROOTS store in VECS on the vCenter Server system that manages the host to ensure that the vCenter Server and the ESXi host have a trust relationship.

For detailed instructions about using CA-signed certificates for ESXi hosts, see the VMware KB article https://kb.vmware.com/s/article/2113926.