15 Responses to чуви, а есть VMware блог?

  1. TsiCap:

    virt.hardblog.net девственно чистая :))

  2. Sseef:

    да просто есть вопрос – по поводу импорта новых сертификатов в vCenter und esxi (5.0)

  3. Sseef:

    : крутяк, тогда вот мой вопрос

    Hello.
    We were trying to install new certificates to vCenter and esxi servers. For that purpose in our test lab was created standalone root CA. And all certificates that were signed by our CA were pre-trusted on every client machine that was used by vSphere Client for connecting to vCenter and esxi hosts.

    New certificates was created, signed and installed according to the official VMware documentation followed by the url – http://pubs.vmware.com/vsphere-50/topic/… (Increasing Security for Session
    Information Sent Between vSphere
    Components)

    After successfully importing new certificates we trying to do some tests, like connecting to vCenter server using web browser (no errors), connecting to vCenter server using vSphere client (no errors), connecting to esxi hosts using vShpere client (no errors)
    – “No errors” means that vSphere client didn’t show warning messages about new certificates, as they are were pre-trusted on client machine.

    But, when we trying to add host to vCenter server there was a warning message – “Security Alert Unable to verify the authenticity of the specified host. The SHA1 thumbprint of certificate is: —- – –
    Do you wish to proceed?”

    At this time in esxi vpxa.log we can see the following message –

    “2012-01-13T07:51:01.933Z [FFC44B90 warning ‘Libs’] SSL_VerifyX509: Certificate verification is disabled, so connection will proceed despite the error”

    But in vCenter settings in SSL subsection checkbox “vCenter requires verified host SSL certificates” is on.

    So the question is – Is this normal, or such warning message tells us that new certificates were imported with an error.

    Also, vSphere Client does not check the CRL (certificates revocation list) – that is normal for VMware vSphere Client?

    Also in the official VMware documentation there is no description for certificate usage for new certificates (such as : TLS web server auth, time stamping, ocsp signing etc), so the question is what certificates roles(usage) should be on new certificates that we want to import in vCenter and esxi hosts.

    Thanks.

  4. 905App:

    : Щас посоны набигут.

  5. TsiCap:

    : На vmware же форум есть, и русский тоже есть.

  6. Sseef:

    : да мне даже официальная тп ответа дать не может, какой там форум

  7. TsiCap:

    : ТП, блин. Разогнать до скорости света.

  8. Redoff:

    есть cloud.hardblog.net – пиши туда )

  9. Sseef:

    : о, спасибо

  10. Redoff:

    : у нас там пока еще только собирается тусовка, но дальше будет больше

  11. IIIAll:

    : Какие именно сертификаты? Серверные или клиентские?
    Там есть один ньюанс под винды.

  12. IIIAll:

    : сорри, до конца пост не дочитал

  13. IIIAll:

    : Была похожая проблема, она состояла в том что винды хранят сертификаты в разных местах. Решилось переносом сертификата из хранилиша current user в local computer (или наоборот, уже не помню)

Добавить комментарий