Sunday, April 7, 2013

Using the VMware vCenter Certificate Automation Tool: Part 3 (vCenter and Orchestrator)

Continuing from Part 2 of my VMware vCenter Certificate Automation tool series, we are now ready to replace the vCenter server and vCenter Orchestrator certificates. If you want to start at the beginning, check out Part 1.

1. Per the pre-planning guide step 4 I exit back to the main menu by pressing 5, then press 4. vCenter needs to trust the SSO certificate, so I press 1. The default path and file are correct, so I press enter. Success!


Step 4 of the pre-planning guide is complete. Check!

2. From the same menu I press 2, to update the vCenter SSL certificate. Again, the default paths and files were correct so I accepted them. Now I'm prompted for the vCenter administrator name and password. Next I'm asked to enter the original vCenter server database password, with all kinds of scary warnings if I input the wrong password since no validation is done. I'm also asked to enter the SSO administrator username and password.


After several minutes of chugging away I see a successful message.

Step 5 of the pre-planning guide is complete. Check!

3. Per the pre-planning guide I now must select option 3, to trust the inventory service SSL certificate.


Step 6 of the pre-planning guide is complete. Check!

4. Pressing 5 I get back to the main menu. And I need to go back into the inventory service, so I press 3.  Finally, we now configure the inventory service to trust vCenter by pressing 2.


Step 7 of the pre-planning guide is complete. Check!

5. Pressing 5 I get back to the main menu. I now press 5, to update vCO. Per the pre-planning guide I need to configure vCO to trust SSO, so I press 1. The default SSO filename is correct so I press enter.



Step 8 of the pre-planning guide is complete. Check!

6. Now vCO needs to be told to trust vCenter server, so I press 2 and validate the path is right.


Step 9 of the pre-planning guide is complete. Check!

7. Next up is updating the vCO SSL certificate, so I press 3 and validate the path.


Step 10 of the pre-planning guide is complete. Check!

Check out Part 4 where we update the Web Client and Log Browser SSL certificates.
at

4 comments:

  1. AnonymousApril 9, 2013 at 6:20 AM

    Derek, Great to see you going through this new tool. Could you confirm what the "vCenter Original database password" is? Is it the RSA_DBA user password?
    Thanks in advance

    ReplyDelete
    Replies
    1. NoneApril 9, 2013 at 8:40 PM

      @Anonymous: Check out this VMware KB article for more info about the vCenter server database user ID and password:

      http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006482

      It's not related to the RSA_DBA account.

      Delete
    2. AnonymousApril 11, 2013 at 3:29 AM

      Thanks Derek. I managed to narrow it down through trial and error ahead of your reply ("cannot log in to vCenter" errors in vc-update-ssl.log). The VMware pointer to the non-existant KB2047787 in the warning didn't help much at the time :-) (internal reference number perhaps??) I'm certainly hoping the graphical vCert manager, demonstrated last year, isn't to far away....

      Delete
    3. NarendraApril 15, 2013 at 9:22 PM

      @Anonymous: Please refer this KB (2041600) - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2041600

      Delete