Uh Oh..Expired vCAC Certs…..

Hit an issue in the lab this week with vCAC/IaaS where the self signed certs had expired. Self signed certs last 12 months..note to self…setup CA! This was compounded by the expiry of the internal Solution User’s certificate. more info on that here 

Anyways here is the error and how i got things working again…

*** Service Unreachable

A required service cannot be reached at the expected address.

Please contact your system Administrator for Assistance.

Reference error REPO404. ***

 

Browse to https://vcacFQDN:5480

  • Navigate to SSL and select Generate from the drop down list to generate a new self signed cert & Save

On the IAAS VM open an elevated command prompt and run the following:

  • cd c:\”Program Files (x86)”\VMware\vCAC\Server\”Model Manager Data”\Cafe
  • Vcac-Config.exe UpdateServerCertificates -d iaas_db_name -s sqlServerFQDN -v

Open IIS Manager on the IaaS VM & browse to Server Certificates
Click generate self-signed on the right hand pane

Create Self Signed
Fill in the IAAS FQDN and click Finish
Navigate to the Default site and click Binding on the right hand pane

Bindings
Edit the https binding and select the new certificate and save

Set Binding

Select Cert
Open an elevated command prompt and run the following:

  • iisreset
  • Vcac-Config.exe GetServerCertificates -url https://vcacFQDN –FileName .\Vcac-Config-2015-02-06.data -v (insert your current date to this filename)
  • Vcac-Config.exe RegisterSolutionUser -url https://vcacFQDN –Tenant vsphere.local -cu administrator@vsphere.local -cp Password –FileName Vcac-Config-2015-02-06.data -v (insert your current date to this filename)
  • Vcac-Config.exe MoveRegistrationDataToDB -d -d iaas_db_name -s sqlServerFQDN -f Vcac-Config-2015-02-06.data -v (insert your current date to this filename)

Restart all vCAC IAAS services

Open an elevated command prompt and run the following:

SSH to the vCAC virtual appliance and run the following:

service vcac-server restart

Browse to the vCO configurator https:vcoFQDN:8283

  • Click on Network > SSL page & delete the vCAC & IAAS certificates
  • Import the new vCAC and IAAS certificates on the same page

If using ITBM Browse to https://itbmFQDN:5480

  • Re-register to vCAC ensuring that “Accept vCAC certificate” is ticked
    Reboot ITBM

Browse to https://vcacFQDN and https://iaasFQDN  and add the certs.

And finally….a word of advice…setup a CA or make a note of expiring certs!!!

Must Try Harder

 

 

 

2 thoughts on “Uh Oh..Expired vCAC Certs…..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s