SSL certificate cannot be trusted on Port 1514 on the vCenter Server
Article ID: 390551
Updated On:
Products
VMware vCenter Server 6.0
VMware vCenter Server 7.0
VMware vCenter Server 8.0
Issue/Introduction
VA tool has identifies that the certificate on the port 1514 on the vCenter Server is not trusted.
Environment
vCenter Server 6.x
vCenter Server 7.x
vCenter Server 8.x
Cause
- This is because the certificate in use on the vCenter Server has not been added to the exception list on the VA tool.
OR - You are using VMCA Signed Certificates on the vCenter Server.
Resolution
- Add the certificate to the exception list on the VA tool for the port 1514.
OR - Replace the certificate on the vCenter Server using Custom CA Signed Certificates using the article Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate
Additional Information
The port 1514 on the vCenter Server is expected to use the same certificate as that of port 443.
This port is for Remote logging using syslog over TLS.
To verify if the same certificate is being used on the ports , use the below commands.
openssl s_client -connect localhost:1514 -showcerts null | openssl x509 -text -noout | grep -A 2 "depth\|Signature\|X509v3\|Issuers" | grep -A 2 "Subject Key\|Authority Key"
openssl s_client -connect localhost:443 -showcerts null | openssl x509 -text -noout | grep -A 2 "depth\|Signature\|X509v3\|Issuers" | grep -A 2 "Subject Key\|Authority Key"
Feedback
Yes
No
Powered by
