Posts Tagged ‘SSL’

ESXi Warranty – don’t break the shell

November 26th, 2008

There is an interesting post on the VMTN blog today with regard to the ESXi warranty and not breaking it.

ESXi is not your father’s ESX. There is no Service Console, so trying to fit it into the exact same processes that you’re used to with ESX isn’t recommended. I know, I know, you have all those scripts you’re used to running in the console. VMware is building tools to manage and administer your ESXi from outside the box, and while they’re not quite feature complete, they’re well on their way. So don’t pop the hood; it’s welded shut for a reason.

Sometime back I wrote a post on regenerating SSL certificates in ESXi,  a post that a lot of people land on when searching on the subject within Google.  Now to achieve the regeneration of SSL certificates in ESXi you have to use the tech support mode.  however it would appear based on this latest posting that this will potentially invalidate your warranty and support agreements.

So if you want to regenerate your SSL certificates on ESXi then I suggest calling VMware tech support to ensure your not invalidating any agreements.  Eventually if they get enough help calls they may provide a means of doing this through the VI client.  Now they may already have this but I’m not aware of it so if anyone does know of another way of regenerating the certificates I’d love to hear it.

ESXi, VMware , , ,

BlueBear and the windows certificate issue

October 21st, 2008

Well I finally overcame the Windows certificate issue that occurs with Adobe Air and BlueBear Kodiak. I thought I should reshare this seeing as everyone wants to have a play with this new ESX management tool.

Step 1

Ensure your ESX server has a valid hostname on it’s certificate by connecting to it through a web browser and viewing the certificate. Certificates are usually not a problem with ESX 3.0 or ESX 3.5.  ESX 3.5i on the other hand is a completely different story.  See my blog post on how to sort this problem out Regenerating SSL Certificates in ESX 3.5i

Step 2

Follow Bluebear’s updated instructions on how to install the certifcate and workaround the trust issue.

Step 3

When logging on to Bluebear Kodiak,  don’t make the same mistake I did.  Log on with the FQDN name of the ESX host,  I was using the shortname which works fine for most things but obviously does not match the certificate that’s been installed.  Once you’ve done all that you should have no issues using this great program on a windows machine.


Citrix, New Products , , ,

ESX 3.5i – SSL certificate regeneration *Update*

October 1st, 2008

Just had an email from Bluebear pointing me in the direction of the following article,  wish I had found that earlier on today,  would have saved me loads of time.  Hopefully it’ll save someone some time

ESXi, General , ,

ESX 3.5i – Regenerate SSL certificates

October 1st, 2008

Heres an interesting one,  I’ve been looking at Bluebear Kodiak and was trying to get round an issue with SSL certificates when I found that my ESX 3.5i server had localhost.localdomain as it’s name on the certificate that’s presented when you connect to the host using internet explorer.  How did that happen ????

Well it turns out that if you don’t provide a hostname during the install (which you can’t do in ESX 3.5i) then the certificate is generated based on whatever is in the host file,  in this case localhost.localdomain.  Now in ESX 3.x the full fat version this was not an issue as the installer asks for the hostname during the install.

How do I fix it ?? Well first of all you need to get on to the console on your esx 3.5i box.  But there is no console I hear you cry,  well there isn’t really but there is a subset of linux based commands that can be used in what’s known as “Tech support mode”. Everyone should be aware that this is only meant to be used in conjunction with Vmware support and as such is unsupported,  see the kb article for details. 

To get to it hit Alt +F1 at the console and type unsupported (you won’t see the letters on screen) you’ll need to enter the root password to show that you’ve read the warnings about it being unsupported. See Richard Garsthagen article for more indepth details about how this all works,  it’s even got a handy video of how to do it. 

Now at this stage you ESX 3.5i box should have been assigned a valid hostname so that the new name and IP have been automatically added in to the hosts file on the server.  Once in tech support mode type create_certificates to regenerate the local certificates and then reboot the server for the new certificates to take effect.

To test this has worked you can connect to the host using Internet Explorer and attempt to install the certificate,  you should now see the correct hostname appear on that certificate.

This however did not solve my issue with the Bluebear Kodiak software but did teach me something knew.  Always look on the bright side I suppose.

ESXi, General , , ,