Things to keep in mind when replacing #VMware #vSphere certificates

Some time ago, I replaced the SSL certificates in our test environment with the SSL Certificate Automation Tool. Everything went well, but some of the applications we were using or evaluating stopped working. This post will hopefully help you prevent applications from breaking after you replace the certificates in your environments.

Veeam Backup & Replication
As creating backups is an important part of your daily operations, it’s advisable to check your Veeam B&R configuration after replacing your certificates. Veeam B&R talks directly with your vCenter server or ESXi hosts after accepting the initial SSL certificate. We actually didn't have any issues after replacing the vCenter Server certificates, but still, double-check to be sure.

Veeam Management Pack for VMware
Monitoring your VMware environment with Microsoft System Center Operations Manager is easy with the Veeam MP for VMware. I have no experience with the impact of replacing the certificates when this application is operational. I will know more next month and will update this post afterwards. Update: Veeam MP for VMware is not impacted when replacing vCenter Server certificates.

VMware vCenter Operations Manager
Our vCOPS application stopped working (no new data was collected) after replacing the vCenter Server certificates. After rediscovering the vCenter Server from the vCOPS admin view, everything started working again.

VMTurbo Operations Manager
Same issue as with vCOPS; rediscover your vCenter Server and accept the new certificate.

VMware vShield Manager
I tried rolling out some new networks through vCloud Director and it came back with the following error:

Unable to deploy network “TempNetwork(urn:uuid:2fc7a599-0700-44da-b531-39f72485d03e)”.
com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (500): vCenter Connection is not available.

Everything in vCloud Director was looking fine (refreshing storage profiles, reconnecting the vCenter Server). But still, why was this not working? vCloud Director utilizes vShield Manager to deploy edges and virtual wires, so I had a look there. Using the Settings & Reports menu and going to the Configuration tab, I noticed the following:

Last successful inventory update was on… (Long time ago)

I edited the vCenter Server part, re-entered the correct credentials and accepted the SSL certificate. That did the trick.

Besides these applications, you can probably think of more applications that could suffer when you replace certificates and don’t accept them after this action. What experiences do you have with this subject? Please let me know so I can make my list more complete.
