vsphere_static_160x300
Free Business and Tech Magazines and eBooks
Badges

vexpert_logo_100x57

gestaltitbadge

follow-me-twitter

Subscribe to me on FriendFeed

Comments / DISQUS
Tag Cloud
Feedjit.com
«
»

730 Days Later – Replace The VirtualCenter Default SSL Certificate

PostDateIcon June 25th, 2008 | PostAuthorIcon Author: Rich Brambley

Yes, this post uses another movie reference.

In the film 28 Days Later the Rage virus infects the Island of Great Britain turning all but a few survivors into zombie-like monsters called “The Infected”. The virus was unleashed when animal activists released medical research chimpanzees which ended up attacking the activists and scientists. This post is about what could cause a similar rage 730 days after installing VirtualCenter, potentially causing VI administrators to become lifeless, rabid, and insane.

After installing VirtualCenter (VC), you should check the installed SSL certificate used by the VI Client because you will most likely need to manually replace it. After a fresh installation the default certifcate expires in 730 days (or 2 years). If the certificate expires you will be unable to log in to the VirtualCenter Management Server using either the VI Client or the web administration interface.

Unfortunately, it is unclear to me at this writing if upgrading the VC Server within the 730 day period updates the certificate store.

According to my local VMware contacts the latest version of VC fixes this, but when I double checked our lab VC server, which was installed fresh as version 2.5, the default SSL certificate had a 2 year period. Maybe VC 2.5 update 1 has the fix? The current product’s release notes do not mention the issue.

VMware has published a technical note titled Replacing the VirtualCenter Server Certificates which explains how to replace the certificates.

Rick Vanover’s SearchVmware.com post Upgrading VirtualCenter does not update certificate store brought this issue to my attention and summarizes this potential problem best:

“The good news is that you now know about this issue. The bad news is that you better correct it before the two year anniversary of your installation of VirtualCenter as it is required to process logins. VMware has a comprehensive PDF that outlines the certificate procedures for VirtualCenter and the ESX hosts. The ESX hosts, however, have a much longer lifespan for the local certificate, around 20 years, and do not exhibit this behavior. The VMware server certificate documentation is available for download from the VMware website.”

Related Posts

PostCategoryIcon Posted in VirtualCenter, VirtualCenter, vi client | PostTagIcon Tags: , , , , , ,
«
»
  • eddiepetosa
    This is quite a fun idea. Comparing IT life with movies. If the chimps were infected sites, they could have simply resolved the problem using ssl certificates.
blog comments powered by Disqus
Hyper9 Cowabunga
Support VM /ETC
Support VMETC.com

Support VMETC.com

Special Offers

Save 10% on select VMware products!

@rbrambley tweets
Advertisements
Facebook
VMETC
VMETC
Promote Your Page Too
VMTN Roundtable Podcasts
Subscribe



Add to Google Reader or Homepage
Subscribe in NewsGator Online
Add to netvibes
Add to Plusmo

License
Creative Commons License
www.vmetc.com by Richard Brambley is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

Contact Us | Terms of Use | Trademarks | Privacy Statement
Copyright © 2009 VM /ETC. All Rights Reserved.

Powered by WordPress and WordPress Theme created with Artisteer.