Signed certificate gotcha for VIC 1.3.1

As a follow-up to my previous post, I wanted to discover how to deploy the newly released VMware vSphere Integrated Containers 1.3.1 appliance with a signed certificate for the management portal on port 8282.

The certificate section looks very promising during the .ovf deployment phase and I could provide the SSL Cert, SSL Cert Key and CA Cert.

However, after the deployment the VIC management console was not accessible ;(

What did I miss?

This article describes how I managed to replace the self-signed certificate with a signed certificate on the VIC appliance after the initial deployment.

1. Deploy the VIC 1.3.1 appliance using the ova file. (I used vic-v1.3.1-3409-132fb13d.ova)

2. Try to access the VIC management portal on port 8282.

If you are unable to access the VIC management portal, there is a big chance that the provided signed certificate is incorrect. You can always choose to ignore the certificate part during deployment, and it will use self-signed certificates.

Again, in my case, I used a signed certificate and the VIC management portal was not accessible. After some research I noticed that the private key of the signed certificate needs to be in PKCS#8 format.

You can also check the log files on the VIC appliance in /storage/log/admiral for more information.

3. Convert the private key of your signed certificate to PKCS#8 format by using the following command (the -in file is the private key, not the certificate): openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in server.key -out key.pkcs8.pem

4. Replace the private key on the VIC appliance with the private key that has been converted to PKCS#8 format. You can find the existing private key and certificate on the VIC appliance in /storage/data/admiral/configs

Rename the incorrect private key to server.key_original

Rename the new converted private key to server.key

5. Restart the admiral service with the following command: systemctl restart admiral.service

6. Next, check the status of admiral.service by using the command systemctl status admiral.service. It will tell you whether the service is active.

7. Finally, try again to access the VIC management portal on port 8282. This time it should be accessible.
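The key handling in steps 3 and 4 can be checked before anything is copied to the appliance. The script below is an added example, not part of the original post or of VIC: it reports which PEM format a private key is in, writes an unencrypted PKCS#8 copy only when conversion is needed, and confirms that the key and certificate belong together. The function names are hypothetical and the file paths are whatever you pass in.

```shell
#!/bin/sh
# Added example: key preflight before copying server.key to the appliance.
# Function names are hypothetical; file paths are supplied by the caller.

# Classify a PEM private key by its BEGIN line (CR stripped for CRLF files).
key_format() {
    case "$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN .*PRIVATE KEY-----$/{p;q;}')" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1-ec ;;
        *)                                       echo unknown ;;
    esac
}

# Write an unencrypted PKCS#8 copy of key $1 to $2; a new $2 is created owner-only.
# Runs in a subshell so the umask change does not leak into the caller.
ensure_pkcs8() (
    umask 077
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"; then
        echo "$1 is passphrase-protected; decrypt it first" >&2; exit 2
    fi
    case "$(key_format "$1")" in
        pkcs8) cp "$1" "$2" ;;
        pkcs1-rsa|sec1-ec)
            openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$1" -out "$2" ;;
        *) echo "no PEM private key found in $1" >&2; exit 1 ;;
    esac
)

# Succeed only if key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# preflight KEY CERT OUT: convert if needed, then confirm the pair belongs together.
preflight() {
    echo "input key format: $(key_format "$1")"
    ensure_pkcs8 "$1" "$3" || return
    key_matches_cert "$3" "$2" || { echo "key does not match $2" >&2; return 3; }
    echo "wrote $3 ($(key_format "$3")); it matches $2"
}
```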

Enjoy using vSphere Integrated Containers 🙂