1. 修改主机的IP、域名、主机名,使其符合新证书的要求;然后将Certificate regeneration enabled改为Yes,Reboot vCenter,再将Certificate regeneration enabled改为No。
2. 停止服务:
# Stop the three services named on this page before touching any certificate
# files, in the same order as the original listing.
for svc in vmware-stsd vmware-vpxd vmware-rbd-watchdog; do
  service "$svc" stop
done

# Delete the Auto Deploy registration marker file.
# NOTE(review): presumably this makes Auto Deploy register again on the next
# vpxd start -- confirm against the vendor documentation.
rm /var/vmware/vpxd/autodeploy_registered
2. 把证书、私钥、证书链传到ssl/vpxd下面,文件名分别为:证书rui.crt,私钥rui.key,证书链cachain.pem(内容为逆序的证书链,文件最后应该为自签名的RootCA),然后合并证书和证书链:
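# Build the staging tree in the home directory: one subdirectory per service
# whose certificate is replaced in the later steps.
cd
# The private key (rui.key) is staged below this directory and copied between
# its subdirectories, so create the top level with mode 700 instead of relying
# on the session umask to keep other local accounts out.
mkdir -m 700 ssl
mkdir ssl/vpxd
mkdir ssl/inventoryservice
mkdir ssl/logbrowser
mkdir ssl/autodeploy
cd ssl/vpxd

# …… (placeholder in the original listing) upload rui.crt, rui.key and
# cachain.pem into this directory before continuing.
# Optional sanity check before installing anything:
#   openssl verify -CAfile cachain.pem rui.crt    # should report OK

# Merge leaf certificate and chain: leaf first, then cachain.pem, which per the
# step above ends with the self-signed root CA.
cat rui.crt cachain.pem > chain.pem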
3. 替换vpxd证书
# Install the merged chain and the private key as the vpxd certificate.
# The page states that VC_CFG_RESULT = 0 in the output means success; any other
# value means the change was not applied.
cd "$HOME/ssl/vpxd"
/usr/sbin/vpxd_servicecfg certificate change chain.pem rui.key
返回VC_CFG_RESULT = 0 表示成功,如果非0请看这里
4. 替换vCenter Inventory Service证书
# Replace the vCenter Inventory Service certificate.
# server.domain.com and sso_administrator_password are placeholders on this
# page; substitute the real lookup-service host and SSO password.
ls_server=https://server.domain.com:7444/lookupservice/sdk
inv_ssl=/usr/lib/vmware-vpx/inventoryservice/ssl

# vmware-stsd was stopped in the earlier step; start it again before calling
# the register hooks (presumably they need the lookup service reachable).
service vmware-stsd start

# Unregister the Inventory Service from the lookup service.
cd /etc/vmware-sso/register-hooks.d
./02-inventoryservice --mode uninstall --ls-server "$ls_server"

# Stage the vpxd certificate material and build a PKCS#12 bundle from it.
cp ~/ssl/vpxd/* ~/ssl/inventoryservice/
cd ~/ssl/inventoryservice/
# NOTE(review): "testpassword" is the passphrase given on this page; presumably
# the service expects exactly this value -- confirm with the vendor
# documentation before changing it. Being a fixed, published value, it offers
# no real protection for the key inside rui.pfx.
openssl pkcs12 -export -out rui.pfx -in chain.pem -inkey rui.key -name rui -passout pass:testpassword

# Install the files. The owner-only mode on rui.key and rui.pfx is what actually
# protects the private key, not the bundle passphrase.
cp rui.key rui.crt rui.pfx "$inv_ssl"
chmod 400 "$inv_ssl/rui.key" "$inv_ssl/rui.pfx"
chmod 644 "$inv_ssl/rui.crt"

# Register again with the new certificate.
# Typing the real SSO password in place of the placeholder records it in shell
# history and shows it in the process list while the hook runs; use a session
# whose history is not saved, on a host without untrusted local users.
cd /etc/vmware-sso/register-hooks.d
./02-inventoryservice --mode install --ls-server "$ls_server" --user administrator@vSphere.local --password sso_administrator_password

# Drop the registration marker and restart both services in the page's order.
rm /var/vmware/vpxd/inventoryservice_registered
service vmware-inventoryservice stop
service vmware-vpxd stop
service vmware-inventoryservice start
service vmware-vpxd start
5. 替换VMware Log Browser service证书
# Replace the VMware Log Browser service certificate.
# server.domain.com and sso_administrator_password are placeholders on this
# page; substitute the real lookup-service host and SSO password.
ls_server=https://server.domain.com:7444/lookupservice/sdk
lb_conf=/usr/lib/vmware-logbrowser/conf

# Unregister the Log Browser from the lookup service.
cd /etc/vmware-sso/register-hooks.d
./09-vmware-logbrowser --mode uninstall --ls-server "$ls_server"

# Stage the vpxd certificate material and build a PKCS#12 bundle from it.
cp ~/ssl/vpxd/* ~/ssl/logbrowser/
cd ~/ssl/logbrowser/
# NOTE(review): this export reads rui.crt (leaf certificate only), whereas the
# Inventory Service step on this page exports chain.pem -- confirm which one
# the Log Browser expects.
# NOTE(review): "testpassword" is the passphrase given on this page; presumably
# the service expects exactly this value -- confirm before changing it. A fixed,
# published passphrase does not protect the key inside rui.pfx.
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx

# Install the files. The owner-only mode on rui.key and rui.pfx is what actually
# protects the private key, not the bundle passphrase.
cp rui.key rui.crt rui.pfx "$lb_conf"
chmod 400 "$lb_conf/rui.key" "$lb_conf/rui.pfx"
chmod 644 "$lb_conf/rui.crt"

# Register again with the new certificate.
# Typing the real SSO password in place of the placeholder records it in shell
# history and shows it in the process list while the hook runs; use a session
# whose history is not saved, on a host without untrusted local users.
cd /etc/vmware-sso/register-hooks.d
./09-vmware-logbrowser --mode install --ls-server "$ls_server" --user administrator@vSphere.local --password sso_administrator_password

# Restart the Log Browser so it picks up the new files.
service vmware-logbrowser stop
service vmware-logbrowser start
6. 替换vSphere Auto Deploy证书
# Replace the vSphere Auto Deploy certificate.
rbd_ssl=/etc/vmware-rbd/ssl

# Stage the vpxd certificate material, then install certificate and key under
# the file names used in the Auto Deploy directory (waiter.crt / waiter.key).
cp ~/ssl/vpxd/* ~/ssl/autodeploy/
cp ~/ssl/autodeploy/rui.crt "$rbd_ssl/waiter.crt"
cp ~/ssl/autodeploy/rui.key "$rbd_ssl/waiter.key"

# Certificate world-readable, private key owner-only, both owned by the deploy
# account. The key is only as protected as that account and this mode.
cd /etc/vmware-rbd/ssl/
chmod 644 waiter.crt
chmod 400 waiter.key
chown deploy:deploy waiter.crt waiter.key

# Stop the watchdog, drop the registration marker and restart vpxd.
# NOTE(review): presumably vpxd registers Auto Deploy again on restart once the
# marker is gone -- confirm against the vendor documentation.
service vmware-rbd-watchdog stop
rm /var/vmware/vpxd/autodeploy_registered
service vmware-vpxd restart
7. Reboot vCenter