The result of playing with Certificates…..

So several days ago I blogged about Derek Seamans’ blog regarding how to install vCenter Server with custom SSL certificates. I also mentioned that I was going through the process once again with vCenter 5.1 u1….. well suffice to say I used the new tool provided by VMware to install some custom certificates and it all went pretty well….. apart from 2 things – Orchestrator and VUM.

VMware pretty much state that there’s a limitation to the tool if you use a FQDN rather than an IP Address to register the VUM server to vCenter Server….. which is a bit of a strange limitation as you would expect to use a FQDN rather than an IP Address as best practice (and let DNS sort out the mess)…. =)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2041600

Anyways, I tried a manual process of updating VUM using the VMwareUpdateManagerUtility.exe found in C:\Program Files (x86)\VMware\Infrastructure\Update Manager. Unfortunately it kept erroring out every time I tried to add in the SSL certificate – which is strange as it’s a simple GUI utility….. in the end I gave up and just uninstalled VUM and then pre-populated the SSL certificates in C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL before re-installing VUM. That seems to have worked as I can now access VUM via the vSphere Client. =)

Orchestrator was a bit more of a problem….. The VMware tool displayed an error saying it couldn’t find an installation of Orchestrator. I thought it could be because when you install vCenter Server, the Orchestrator services are disabled by default…. so having started the services and re-tried, it still errored out!

Turns out the Orchestrator service doesn’t fully start unless you go into the configuration web GUI and fix all the ‘warning and errors’…. and the main error was ‘Authentication’…… in the end the only way I could fix this error and get the services started was to actually install the root certificates, vCenter/SSO certificates and the Orchestrator certificate via the configuration web GUI…… kinda defeated the point of the tool from VMware!

I’ll have to re-visit this some other time to find out why it didn’t work!

 

On another note, my installation of SRM with custom SSL certificates went without too many hitches….. so all I need to do is collate all my screenshots and instructions together for a future post! Stay tuned…… =)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s