Creating a Certificate Signing Request through the vSphere Client (HTML5) doesn't provide the signing key

Article ID: 305919

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The purpose of this KB is to guide you through retrieving the signing key for a CSR generated through the vSphere Client (HTML5).

Symptoms:
  • When generating a CSR through the vSphere Client (HTML5) you are not provided with the signing key. 


Environment

VMware vCenter Server 6.7.x

Cause

Because of the way this functionality was implemented, the signing key was never intended to leave the node on which the CSR was generated. This was done for security purposes.

Resolution

This issue is resolved in vCenter Server 7.0 GA, available at Broadcom Downloads.

Workaround:
To work around this issue and manually retrieve the signing key, follow the steps below:

  1. Connect via SSH to the VCSA on which the CSR was generated.
  2. Run the command below to export the key:
     /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store MACHINE_SSL_CERT --alias __MACHINE_CSR > /tmp/machine.key;
  3. Download the key via SCP using WinSCP or a similar tool.
Note: If you are unable to connect using WinSCP, please see Error when uploading files to vCenter Server Appliance using WinSCP.
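
Added example (not part of the original KB or VMware's tooling): two shell checks to run on the exported file before it leaves the appliance, confirming that /tmp/machine.key is readable by its owner only and that it is the key behind the CSR sent to the CA. It assumes openssl is on the PATH; the function names and the CSR path /tmp/machine.csr are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for a private key exported in step 2.
# Assumptions: openssl is installed; function names are illustrative.

# Print the PEM public key derived from a private key file.
pub_from_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Print the PEM public key embedded in a CSR.
pub_from_csr() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null
}

# Return 0 if the private key belongs to the CSR, 1 if it does not,
# 2 if either file cannot be parsed.
key_matches_csr() {
    k=$(pub_from_key "$1") || return 2
    c=$(pub_from_csr "$2") || return 2
    [ -n "$k" ] || return 2
    [ "$k" = "$c" ]
}

# Return 0 only if the key file grants nothing to group or others.
# A plain "> /tmp/machine.key" redirect under the common umask 022
# creates the file as 644, readable by every local account.
key_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group + other permission bits
    [ "$perms" = "------" ]
}

# Typical use on the appliance (paths are assumptions):
#   umask 077                      # before running the export in step 2
#   key_is_private  /tmp/machine.key || chmod 600 /tmp/machine.key
#   key_matches_csr /tmp/machine.key /tmp/machine.csr && echo "key matches CSR"
#   rm -f /tmp/machine.key         # after the SCP download has completed
```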