Unable to deploy VCH with custom certificates in VIC

Article ID: 340346


Products

VMware vSphere ESXi

Issue/Introduction

This article provides steps to install VCH using custom certificates.

Symptoms:
When trying to deploy a vSphere Integrated Containers Virtual Container Host (VCH), you see the error:
 
ERROR --------------------
ERROR vic-machine-windows create failed: tls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: [PKCS7]


Environment

VMware vSphere Integrated Containers 1.0.x

Cause

This issue occurs because a certificate in PKCS#7 (Cryptographic Message Syntax) format is not a PEM/x509 encoded certificate. Currently, PKCS#7 is not a supported format. The vic-machine create command looks for a single PEM/DER/ASN.1 encoded certificate.

Resolution

To resolve this issue and install the VCH using a custom certificate that is in PKCS#7 format:
 
  1. Convert the certificate to PEM/DER/ASN.1 (CERTIFICATE blocks instead of PKCS#7 blocks).

    openssl pkcs7 -print_certs -in <name of cert> -out <output name.pem>

    Example:

    Original Cert is similar to:

    -----BEGIN PKCS7-----

    MIIWJAYJKoZIhvcNAQcCoIIWFTCCFhECAQExADALBgkqhkiG9w0BBwGgghX5MIIG
    MTCCBRmgAwIBAgIRAKtgRGNtoDIxrNiyUj2gR9UwDQYJKoZIhvcNAQELBQAwgZYx
    CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV
    <snip>

    Converted Cert is similar to:

    subject=/C=**/postalCode=*****/ST=IN/L=*******/street=****/street=***
    issuer=/C=**/ST=*******/L=*******/O=COMODO CA Limited/CN=*****
    -----BEGIN CERTIFICATE-----
    MIIGMTCCBRmgAwIBAgIRAKtgRGNtoDIxrNiyUj2gR9UwDQYJKoZIhvcNAQELBQAw
    gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
    BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD
    <snip>
     
  2. After the certificate is converted, specify the converted certificate and the key using the --cert and --key options.
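
The error above names the PEM block types that were skipped while looking for a CERTIFICATE block. The following added example (not part of the original article and not vic-machine's own code) runs the same kind of scan with Go's encoding/pem so a file can be checked before and after conversion. The helper names `pemBlockTypes` and `verdict` are hypothetical, and the sample inputs are constructed placeholders.

```go
package main

import (
	"encoding/pem"
	"fmt"
)

// Constructed samples: the base64 payloads are placeholders, not real certificates.
const pkcs7Sample = "-----BEGIN PKCS7-----\nQUJDRA==\n-----END PKCS7-----\n"
const convertedSample = "subject=/C=XX/CN=vch.example\nissuer=/C=XX/CN=Example CA\n" +
	"-----BEGIN CERTIFICATE-----\nQUJDRA==\n-----END CERTIFICATE-----\n"

// pemBlockTypes (hypothetical helper) returns the type of every PEM block in
// data and the number of CERTIFICATE blocks. pem.Decode skips text outside
// blocks, so the subject=/issuer= lines written by openssl are harmless.
func pemBlockTypes(data []byte) (types []string, certs int) {
	for {
		var block *pem.Block
		block, data = pem.Decode(data)
		if block == nil {
			return types, certs
		}
		types = append(types, block.Type)
		if block.Type == "CERTIFICATE" {
			certs++
		}
	}
}

// verdict (hypothetical helper) maps the scan to the action this article describes.
func verdict(data []byte) string {
	types, certs := pemBlockTypes(data)
	if certs > 0 {
		return "ok: CERTIFICATE block present"
	}
	for _, t := range types {
		if t == "PKCS7" {
			return "convert: PKCS7 block only, run openssl pkcs7 -print_certs"
		}
	}
	return "unusable: no CERTIFICATE block found"
}

func main() {
	fmt.Println(verdict([]byte(pkcs7Sample)))
	fmt.Println(verdict([]byte(convertedSample)))
}
```

This check only confirms the PEM block type; it does not validate the certificate contents or that the key matches.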