replace the SSL certificate in Dell OMSA 7.2

My University is compels me to replace the Dell's SSL certificate in OMSA with a certificate from a certification authority. We use InCommon.

I generated a certificate using Microsoft IIS request. InCommon generated the certificate and got sent back links to a variety of formats.

 as PKCS#7 Base64 encoded:
    Other available formats:
       as PKCS#7 Bin encoded:
       as X509, Base64 encoded:
       as X509 Certificate only, Base64 encoded:
       as X509 Intermediates/root only, Base64 encoded:
       as X509 Intermediates/root only Reverse, Base64 encoded

Does anyone know what kind of certificate I need, and exactly how to install it in the apache server that runs Dell OMSA.

Ok. I have an answer.

As far as I know, the interface Dell OMSA itself does not have to import the intermediate certificates (returns an error) and cannot be used to create a useful CSR (signature request) because you can't specify your own institutional settings. Our CA would not authenticate the CSR request generated by the Dell OMSA interface, even if it would incorporate new certificates (which she seems to fail at the).

The simplest approach is to generate a CSR in Windows IIS, the authenticated certificate back from your CA, and then to export to a .pfx file (private, final, intermediate entity certificate and certificates root key, extended attributes).

Use IBM tool called keyman (download www.ibm.com/developerworks). Use the version of Windows.

It can convert a .pfx file in a keystore apache in 3 easy steps. 1. create a new key file

2 import the .pfx file 3. Save the key file.

Tips on the internet suggest keeping all the passwords the same - pfx export, keystore, key, etc.

Edit the server.xml file in the apache server to use your new password.

Only downside is that your password will be readable text in the server.xml file. In the original file server.xml file Dell used system tools or java to hide passwords.

Tags: Dell Servers

Similar Questions

Replace the SSL certificate in VMware appliance identity

Hello
I followed the steps to replace the device of identity, a certificate signed by a CA (latest version 2.2.1.0)
Everything went well and I have included the private key and the certificate chain complete with the device of the expected identity.
However when I close all browsers and access the identity unit his shows always the default signed certificate (despite the tab SSL showing otherwise!)
I rebooted the device and replaced with a new certificate, but this made no difference. Am I missing something?

See here the response of GrantOrchardVMware vRA: certificate does not appear to extend to the port 5480.

Essentially of 5480 runs using a different web server certificate is not installed in when you update it. There is a way to update the certificate for the site of 5480 which can be found here vCloud Automation Center Documentation Center

VUM 6.0, replacement of SSL certificates

Hello
VCSA device (6.0) external PSC
VCenter VCSA device (6.0)
VUM 6.0 (1 x R2 Windows 2012 running SQL 2014 and 1 x R2 Windows 2012 with VUM installed)
Open root SSL and subordinate CA
I replaced the certificates for the PSC with no problems, the VC and the hosts are all good :-)
To replace the VUM SSL certificates, I followed KB 1023011 and replaced the self CERT signed with certificates signed by a subordinate CA OpenSSL. When I open the VI client and activate the VUM plugin I get a certificate error. If I open the PFX and import it into my personal cert store the complete chain, subordinate and root is here, and all are approved. If I navigate over https to another server where I replaced the SSL certificate with the one that was signed by the same CA browser isn't moaning.
Issues related to the:
1. the error indicates that my PC does not trust the cert or vCenter does not support the cert?
2. If it is likely that the vCenter is not to trust the cert how to install the CA certificate root in the keystore on the vCenter? The PSC has already he is and trust her, otherwise she would not distribute certs kindly signed to esxi hosts.
3. the cert that was issued for MUV has the VUM server's dns name in the part of the cert SAN but not in the issued to. Who is likely to be a problem?
4. the CSR that has been generated for MUV did not come from the VUM server, instead, it was made from the workstation where he has installed OpenSSL. Who is likely to be a problem?
As a side note KB 1023011 has no mention of being the right process for 5.5, 6.0 let alone!
Thank you very much
Girardot

Hello

I managed to solve this problem by adding intermediate CA on the end of the rui.crt.

See you soon,.

Girardot

Cannot save vSphere Web Client after the replacement of the SSL certificate

Hi all
I have followed the Articles of Derek Seaman on the replacement of all the certificates in vSphere 5.1 and have since turned to the VMware KB Articles. I replaced the certificates for the SSO, the inventory Service and vCenter Server with no problems (other than having to use OpenSSL-Win64 for vCenter certificate that I could not get the x 86 version certificate of work, makes no sense, but I'll take the small victory).
If you follow the guide of vmware to replace the web service certificate, http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC & docType = kc & docTypeID = DT_KB_1_1 & externalId = 2035010, I get to step 12, enter the VMware vSphere Client Web back to vCenter Single Sign On and the following error:
##########################
D:\Program Files\VMware\Infrastructure\vSphereWebClient\SsoRegTool > regTool.cmd registerService - cert "C:\ProgramData\VMware\vSphere Web Client\ssl" - ls - url ( https://(Server URL): 7444/lookupservice/sdk - username admin@system-domain - password (password) - dir 'D:\Program Files\VMware\Infrastructure\vSphereWebClient\SsoRegTool\sso_conf' - ip "*." ' * ' - serviceId-file 'D:\Program Files\VMware\Infrastructure\vSphereWebClient\serviceId'
No file properties not found
Initialization of provider of record...
SSL certificates for https://vsphere.au.ray.com:7444/lookupservice/sdk
SSL certificates for https://vsphere.au.ray.com:7444 / sso-adminserver/sdk
Unhandled exception trying to escape: null
Return code is: OperationFailed
100
##########################
VMware technical support suggested I uninstall all components, delete all databases and try again. I have done this and have exactly the same result.
Has anyone seen elsewhere or managed to solve?
Chris

So, I managed to solve this problem. Not sure that this applies to everyone, but my problem was caused by registering using among other names of the subject in the SSL certificate for the SSO rather than the common name of the certificate.

For example, the server name is server1.company.com. It is the common name of the certificate. But one of SAN of the certificate has been "vSphere.company.com". If I used this other name in one of the component records that they would fail. I found that I have to use the common name. Even if the alternative names of job access to via your browser web, there is no certificate warning, if the registration of components using these names, it would fail.

It seems crazy that you can use any of the San... then why allow us to make?

Initially, I tried to replace the authentication certificate ONLY when the town was called vsphere.company.com, rather than the hostname of the server, and which is installed. However, try to install the Web Client would fail. When you come to the step where you have to accept the certificate of SSO, the installation fails because the common name of the certificate does not have the host name of the SSO server. It seems insane to me... why the host name of the server running the SSO should still come in when all calls are over HTTPS is simply absurd!

I confirmed this with VMware Technical Support and they checked my conclusions.

Replacement of the SSL certificate in vCenter Server Heartbeat with a new certificate

Realized the SSL certificates on my vsphere vCenter Server 5.5 environment change, but now I'm looking to deploy vmware vCenter Server HeartBeat service, but I have the following doubts.
1. it is necessary to perform the exchange of currently used SSL certificate in my environment. ()http://kb.vmware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 2013041( )

KB article talking about amendment of the certificate of a vCenter Server Heartbeat deployed... If the vCSHB are not deployed and yet, you don't need to worry... just go ahead with the installation and the new vCenter server certificate will be recognized by vCSHB.

How to install the ssl certificate in windows server 2008?

Hello

Can someone give me the steps to install the SSL certificate on my application hosted on windows server 2008 R2?

Hello

Although technet.microsoft.com should be the best forum for the problems of server below is a guide on how to install an SSL certificate.

It will be useful.

To install your newly acquired in IIS 7 SSL certificate, first copy the file somewhere on the server and then follow these instructions:
1. Click on the start menu, go to administrativetools and click on Manager of Services Internet (IIS).
2. Click the server name in the links on the left column. Double-click server certificates.
3. In the Actions column to the right, click Complète Certificate Request...
4. Click on the button with the three points, and then select the server certificate that you received from the certificate authority. If the certificate does not have a .cer file extension, select this option to display all types. Enter a friendly name that you can keep track of certificate on this server. Click OK.
5. If successful, you will see your newly installed in the list certificate. If you receive an error indicating that the request or the private key is not found, make sure that you use the correct certificate and you install it on the same server that you generated the CSR on. If you are sure these two things, you just create a new certificate and reissue or replace the certificate. If you have problems with this, contact your certification authority.
Bind the certificate to a Web site
1. In the column of links on the left, expand the sites folder, and click the Web site that you want to bind the certificate to click links... in the right column.
2. Click the Add... button.
3. Change the Type to https , and then select the SSL certificate that you just installed. Click OK.
4. You will now see the listed link for port 443. Click close.
Install all the intermediate certificates

Most of the SSL providers issue certificates of server out of an intermediate certificate so you will need to install the intermediate certificate on the server as well or your visitors will receive a certificate error not approved. You can install each intermediate certificate (sometimes there are more than one) by following these instructions:
1. Download the intermediate certificate in a folder on the server.
2. Double-click the certificate to open the certificate information.
3. At the bottom of the general tab, click the install Certificate button to start the Certificate Import Wizard. Click Next.
4. Select place all certificates in the following store , and then click Browse.
5. Select the Show physical stores checkbox, then expand the Intermediate certificate authorities folder, select the below folder on the Local computer . Click OK. Click Next, and then click Finish to complete the installation of the intermediate certificate.
You may need to restart IIS so that it starts the new certificate to give. You can verify that the certificate is installed correctly by visiting the site in your web browser using https rather than http.

Links
Kind regards

Joel

What happens IF we replace the default certificates for vCenter 5.1?

Does anyone have specific vmware documents indicating what happens IF we replace the default certificates for vCenter 5.1 SSO, inventory, Web Client etc... services?
I found this below at page 19 of https://www.vmware.com/files/pdf/products/vCenter/VMware-vCenter-Server-Single-Sign-On.pdf
Certificates update
When you install the vCenter Single Sign-On, each component that registers with it - including
vCenter Single Sign-On himself - uses SSL to communicate between components and saved solutions.
By default, SSL certificates are generated automatically by VMware installation and upgrade process
and are sufficient for the operational security for most VMware customers.
Some clients prefer to use their own self-signed or purchased SSL certificates. A tool has been developed to
help the insertion of these certificates after vCenter Server installation. Because of the additional knowledge
required to create and install self-signed certificates, we recommend that you review the following knowledge of VMware
basis of articles:
"Deployment and using the tool to automate SSL certificate.
(VMware 2041600 knowledge base article)
"Generation of certificates for use with the VMware Certificate SSL automation tool"
(VMware 2044696 knowledge base article)

In 10 years your vCenter starts (because of expiry of the certificate).

Your users will see pesky warnings of SSL certificate when connecting components.

Apart from that all traffic is always secure and encrypted with certificates by default, you have simply a chain of trust for them.

How can I set up email when the field on the SSL certificate does not match?

I am a customer of Dreamhost and don't know if our situation is unique or not, but both smtp and imap are "mail.example.com" even if the SSL certificate belongs to ' *. DreamHost.com'.

I was not able to set up the email on my flame app because I get the following error:

> Could not establish a connection with "mail.example.com". There may be a problem with your network or server.

I think the problem is the lag of domain name, but I can't find a way to accept the certificate.

Hello!

According to the official DreamHost wiki site , you can try this (cut-and-pasted from the page). If it doesn't work, there are still other options available on the page.

To connect to the mail server using the name of the server dreamhost.com instead of messagerie.votre_domaine.fr.

Use the following steps to determine the name of the server to use:
```
   In the DreamHost Control Panel
   Click "Account Status" in the upper right hand corner
   Look for the "Your Email Culster:" at the bottom of the list.
   Find your cluster in the table below.
   Use the server name for the incoming server in your mail program.
```
Name of Server Cluster e-mail
homiemail-sub3 sub3.mail.dreamhost.com
homiemail-sub4 sub4.mail.dreamhost.com
homiemail-sub5 sub5.mail.dreamhost.com
homiemail-master homie.mail.dreamhost.com

Setting the SSL certificate for the web user interface

How can I configure the SSL certificate for the management of a SG300 interface? I don't seem to find the configuration option in the web gui?

Hello Dirk,.

For import / create / modify h99350 ssl please go to ' ' security > SSL server > SSL server authentication settings.

HTTPS is enabled by default.

Thank you and best regards,

Siva

The SSO authentication: the SSL certificate is unknown

Hello
I'm trying to configure orchestrator solution to use SSO for authentication. Although the vCenter certificate is installed and displayed in the trust to SSL Manager, I get the following error:
The SSL certificate is unknown. You can fix this in the SSL Certificate tab.
Tried to reinstall the certificate, restart the device - without success. Username and password are correct.
I use Version of the device: 5.5.0.0 build 1282845, vCenter 5.5.0, 1476327.
How can I solve this problem?

By "vCenter certificate is installed," do you mean Certificate SSL VC (imported from https://[vc-ip]:443)?

For SSO authentication, you must also import the UNIQUE https://[sso-ip]:7444 authentication certificate

Unable to connect to the VMware Research Service - the SSL certificate verification failed

Hello world
to implement the new vCSA 5.1 but I get an error when you try to connect via browser Web Client.
"Impossible to connect to the VMware Research Service . https://xxx.xxx.xxx.xxx:7444/lookupservice/sdk - The SSL certificate check failed. »
I've found this KB
http://KB.VMware.com/selfservice/search.do?cmd=displayKC & docType = kc & externalId = 2033338 & sliceId = 1 & docTypeID = DT_KB_1_1 & dialogID = 423540040 & StateID = 1% 200% 20423538503
The manual/work around seems to be a lot of work for me and perhaps this will cause other problems in the service due to problems of certification :/
I also think that this cannot be the solution for a whole new vCSAppliance...-_-
I am also able to go to https://xxx.xxx.xxx.xxx:9443 / admin-app
is it correct for the device?

You need to regenerate the certificate for Server Appliance after change of IP/hostname.

Visit this link: http://www.virtual-blog.com/2012/09/failed-to-connect-to-vmware-lookup-service/

Also, the admin/management interface is https://: 5480

Lack of credentials [root/vmware]

HTH

Update the SSL certificate on a security server?

Good afternoon everyone,
I'm trying to update the SSL certificate on the server of our security, but I'm running into some problems.
DigiCert (we get our certs of), not like the VMWare KB article order to request a 2048-bit crt, so we used their tool to generate our a commandsfor us:
keytool - genkey-server alias - keyalg RSA - keysize 2048, FULL domain name -.jks keystore - dname 'CN = CNNAME, OR = OUNAME, O = ONAME, L = NAME, ST = STNAME, C = CNAME'
keytool-certreq alias server-file FQDN.csr - FULL.jks domain name
(I did not show the exact details of the CN name, etc.)
It makes the keystore a .jks instead of a .p12
Should this cause problems?

Because after I imported the cert in the keystore, change the config locked file to reference the key file and restart the Server Security Service, it does not restart properly. (Defining the locked towards the old works fine keystore file, then restarting the service works find though.)
This documented error in Event Viewer:
Not able to create the com.vmware.vdi.ice.server.JMXServer.main(SourceFile:211) MBean server
javax.management.MBeanException: Exception thrown in the startServer operation
at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:435)
at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at com.vmware.vdi.ice.server.JMXServer.main(SourceFile:209)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at net.propero.workspace.windowsinfrastructure.tunnelservice.TunnelService.run(SourceFile:34)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.Exception: ice beginning: null
at com.vmware.vdi.ice.server.Ice.startServer(SourceFile:695)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
Should I request/pay for a new cert so my base keystore is .p12 instead of .jks?

Hello

I think that the command you mentioned creating a CSR only. You get a digicert certificate after sending this rea and create a keystore with whom?

Please follow the steps in this KB to complete the whole process.

http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=1008705

-noble

For the SSL certificate expiration date

Hello
We use Adobe LiveCycle Installation of JBoss, and the SSL certificate that we use to enable rights management has expired.
We have created a new which now works fine, but we would like to know if there is a way to control or extend the expiration date of the certificate, such as 3 months is a very short time.
Kind regards
Marwa

The server SSL certificate is used for active between Acrobat and LiveCycle Rights Management Server to encrypt HTTP traffic. It 'does NOT' management of rights in itself. In other words, even if at the end of the ceriticate SSL, Adobe LiveCycle Rights Management will continue to work.

You do not control the expiration date of the certificate. The -validity argument allows you to control, in terms of days. 3650 will set the expiry of 10 years from the date of creation.

More details here:

http://blogs.Adobe.com/LiveCycle/2007/10/configuring_jboss_403_sp1_for_1.html

Replaced the SSL appliance - VMware vCenter Support Assistant device certificate

Hello
I need replace the certificate in the device wizard helps VMware vCenter but get the error below aa.

Key file is empty, it does contain a private key or contained an unsupported key type. Supported key types are PCKS #1 and PKCS #8.

However, the official documentation of the product on page 19 is 20 below the procedure.

Replace your vCenter Support Assistant SSL certificate uses a self-signed certificate. You can change your SSL certificate in accordance with the policy of your company for SSL certificates. Procedure
1 in a Web browser, go to the IP address of the device.
2. connect the unit to Support Assistant vCenter.
3 click the tab settings of VA.
4 under the SSL Configuration, in the private key (.pem) text box, click on choose a file.
5 in the file browser window, navigate to the directory that contains your certificate, select the private key (*.pem) that corresponds to the certificate chain and click Open.
VMware, Inc. 19 if your private key is protected by a password in the password key text box, type the password.
7 in the certificate (.pem, .p7b) string text box, click on choose a file to select your certificate chain file.
8 in the file browser window, navigate to the directory that contains your certificate chain, select your Certificate SSL (*.pem, *.p7b) chain and click Open. NOTE If you try to add an expired certificate, a warning message indicates that you are not allowed to add the certificate.
9. click on apply to apply the changes.
Could someone help me.

Hi, peaple.

After several tries, I had success in the process of exchange of certificate VSA.

1 - the DNS configuration was wrong.

2 - certified should be the key (RSA private key format) published the .pem file must be trained using the service certificate + certificate of certification authorities.

SSO hosts SSL certificate is unknown. You can fix this since the SSL Certificate tab

I'm trying to reregiter my vro with sso authentication but I keep running into this error. The certificate has already been imported.
any idea? Basically, I removed the vro unit and deployed a new and now problems with registration of SSO. I need to remove the plug-in vcenter first vro?

Looks like you have imported the ssohost:7444SSO certificate. You must also import the ssohost:443 host SSL certificate

replace the SSL certificate in Dell OMSA 7.2

Similar Questions

Maybe you are looking for