Unable to Access VCD UI After Importing SSL Certificates
Article ID: 342533
Updated On:
Products
VMware Cloud Director
Issue/Introduction
- The purpose of this documentation is to restore access to a VCD environment that has become inaccessible after updating the SSL certificates
Symptoms:
- After successfully importing updated HTTPS and ConsoleProxy certificates, the VCD UI is suddenly inaccessible
- The Public Address for VCD returns an "ERR_SSL_PROTOCOL_ERROR" response, similar to the following:
Environment
VMware Cloud Director for Service Provider 10.x
VMware Cloud Director 10.x
VMware Cloud Director 10.x
Cause
- This issue occurs because some legacy private key formats can successfully import into the VCD appliances, but are otherwise incompatible with establishing an SSL connection
Resolution
- To resolve, check if your private key files are encrypted. If they are, you should see a banner similar to the following at the beginning of the key contents:
-----BEGIN ENCRYPTED PRIVATE KEY-----
- If the key is encrypted, run the following command to unencrypt the key file:
openssl rsa -in encrypted_private.key -out decrypted_private.key
- Once the key is unencrypted, run the following command to re-format and re-encrypt the key:
openssl pkcs8 -topk8 -in user.http.unencrypted.key -out user.http.encrypted.key
- After the key is correctly formatted and encrypted, re-import the .pem and .key files into each of the VCD cells and verify that access to the UI is restored thereafter
Workaround:
- At this time, the workaround is to re-format and re-encrypt the private key files with the following commands:
openssl rsa -in encrypted_private.key -out decrypted_private.key
openssl pkcs8 -topk8 -in user.http.unencrypted.key -out user.http.encrypted.key
openssl pkcs8 -topk8 -in user.http.unencrypted.key -out user.http.encrypted.key
Additional Information
https://docs.vmware.com/en/VMware-Cloud-Director/10.3/VMware-Cloud-Director-Install-Configure-Upgrade-Guide/GUID-74296A4D-416F-4D7F-BBD6-BA983AAAD4E7.html
Impact/Risks:
Impact/Risks:
- This issue will prevent any access to the VCD UI
Feedback
Yes
No
Powered by
