Correct way to regenerate certificates on vCentre virtual appliance

I have been working with the virtual appliance and had to regenerate certificates. The trials of getting this done are covered here, but to properly regenerate the certificates without hangs at boot, follow these steps:

  1. Enable the certificate regeneration either by hitting the “Toggle certificate setting” in the web console or by logging onto the VCA via SSH and running from the command line
    touch /etc/vmware-vpx/ssl/allow_regeneration
  2. Stop all the vCentre and SSO services on the vCentre appliance
  3. Regenerate the certificates
    source vpxd_commonutils; regenerate_certificates
    The result of this should be VC_CFG_RESULT=0
  4. Replace all the certs
    source vpxd_commonutils; generate_all_certificates replace
  5. Clean up the regeneration file by deleting the allow_regeneration file
    rm /etc/vmware-vpx/ssl/allow_regeneration
  6. Reboot the machine and check it comes up cleanly

This should resolve the issue.
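
A wrapper for steps 1, 3, 4 and 5 above, added here as an example (it is not the author's or VMware's code): it refuses to replace certificates unless step 3 reports VC_CFG_RESULT=0, and it removes allow_regeneration on every exit path. The function names are hypothetical, and it assumes the VC_CFG_RESULT line appears in the command's output.

```shell
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.
# Assumption: step 3 prints a line containing VC_CFG_RESULT=<n> in its output.
FLAG="${FLAG:-/etc/vmware-vpx/ssl/allow_regeneration}"   # path from step 1

# Print the number from the last VC_CFG_RESULT=<n> line read on stdin.
cfg_result() {
    sed -n 's/.*VC_CFG_RESULT=\([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Run a command string, echo its output, succeed only on VC_CFG_RESULT=0.
run_checked() {
    out=$( eval "$1" 2>&1 ) || true
    printf '%s\n' "$out"
    [ "$(printf '%s\n' "$out" | cfg_result)" = "0" ]
}

# Steps 1, 3, 4 and 5. $1 = step 3 command, $2 = step 4 command.
# Returns 0 on success, 1 if step 3 did not report 0, 2 if step 4 failed,
# 3 if the flag file could not be created or removed.
regenerate() {
    touch "$FLAG" || return 3
    rc=0
    if ! run_checked "$1"; then
        rc=1                      # do not replace certs after a failed step 3
    elif ! ( eval "$2" ); then
        rc=2
    fi
    rm -f "$FLAG"                 # step 5 runs on every path
    [ ! -e "$FLAG" ] || rc=3
    return "$rc"
}

# On the appliance, after stopping the services (step 2):
#   regenerate 'source vpxd_commonutils; regenerate_certificates' \
#              'source vpxd_commonutils; generate_all_certificates replace'
```

Reboot (step 6) only when `regenerate` returns 0; any other return code means the certificates were not fully replaced.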

Changing host name on vCentre Appliance

Just a quick one.

In my lab environment I use the virtual centre appliance. As it was set up quite quickly, I never bothered adding the VCA to my testing domain at initial setup. I needed to test some domain stuff, so I decided to add it today.

The process to add the VCA to the domain is quite simple:

  1. In your Active Directory DNS, create both a forward and a reverse lookup entry for the VCA
  2. Under Networks configuration, ensure you have the DNS in your AD configured
  3. On the same screen, change the hostname of the VCA to the FQDN you have created (it has to be the FQDN rather than just the appliance name, in the form VCA.domainname.tld)
  4. A reboot is required
  5. After the reboot, go to the authentication screen and enter the AD credentials and domain name

After doing all of this you will notice that you can no longer log into the vCentre client; you get the following error:

vsphere_client

If you are using the built-in certs, then to fix this issue you have to go to the Admin tab and toggle the “regenerate SSL certificate” setting.

If you are using 3rd party certs, then they need to be updated to reflect the new host name.

Full documentation on this issue here