VCF 9
-m PEM creates a key in an invalid PKCS1 format
ssh-keygen can create keys for use by the SSH protocol. Setting a format of “PEM” when generating or updating a supported private key type causes the key to be stored in the legacy PEM private key format.
Using openssl is the preferred way to generate private and public keys.
CLI commands to generate an RSA private and public key pair:
# openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
# openssl rsa -pubout -in private_key.pem -out public_key.pem
To combine the private and public keys into a single file, you can use the following command:
# cat private_key.pem public_key.pem > keypair.pem
Validate that the private and public keys match by comparing the SHA-256 hash of each key's modulus:
# openssl rsa -pubin -noout -modulus -in public_key.pem | openssl sha256
SHA2-256(stdin)= ...abac
# openssl rsa -noout -modulus -in private_key.pem | openssl sha256
SHA2-256(stdin)= ...abac
Note, VCF appliances bundle the openssl utility...
Workaround if using ssh-keygen to generate keys:
Set the key format parameter to pkcs8:
-m pkcs8
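The checks on this page combined into one script, as an added example that is not part of the original article: it reports which container format a private key file uses (so a key written with -m PEM is caught before it is used), repeats the modulus comparison shown above, and rewrites an existing key as PKCS#8. The function names are hypothetical, and the keys are assumed to be unencrypted RSA keys in PEM files.

```sh
#!/bin/sh
# Added example; pem_format, modulus_digest, keypair_matches and to_pkcs8 are
# hypothetical helper names. Assumes unencrypted RSA keys in PEM files.

# Report a private key's container format from its first PEM header line.
pem_format() {
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null)" in
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;   # ssh-keygen -m PEM (legacy)
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;   # openssl genpkey, ssh-keygen -m pkcs8
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;; # ssh-keygen default
        *)                                       echo unknown ;;
    esac
}

# SHA-256 of the RSA modulus. Fails instead of hashing empty input when the
# key cannot be parsed, so two unreadable files never compare as equal.
modulus_digest() {   # $1 = key file, remaining args = extra "openssl rsa" options
    f=$1; shift
    m=$(openssl rsa "$@" -noout -modulus -in "$f" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl sha256
}

# Succeeds only if both files parse and carry the same modulus.
keypair_matches() {  # $1 = private key, $2 = public key
    priv=$(modulus_digest "$1") || return 2
    pub=$(modulus_digest "$2" -pubin) || return 2
    [ "$priv" = "$pub" ]
}

# Rewrite an existing unencrypted private key as PKCS#8 (same key material).
to_pkcs8() {         # $1 = input key, $2 = output file
    ( umask 077; openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2" )
}

# Usage: sh keycheck.sh private_key.pem [public_key.pem]
if [ "$#" -ge 1 ]; then
    echo "format: $(pem_format "$1")"
    if [ "$#" -ge 2 ]; then
        keypair_matches "$1" "$2" && echo "pair: match" || echo "pair: MISMATCH"
    fi
fi
```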