Loading...
Loading...
KMS configuration failing after upgrade Cloudlink 8.1.0 to 8.2 due to incorrect signed CA cert
Cloudlink8.2 has the latest security libraries which require specific fields (highlighted) must update in the signed CA certificate. For Example, highlighted fields: openssl req -x509 -newkey rsa:4096 -keyout clusterca_key.pem -out clusterca.pem -sha256 -days 365 -addext 'keyUsage=keyCertSign' -addext "basicConstraints=critical,CA:TRUE,pathlen:0" -subj '/CN=pp-clc802-oct28-1/O=Dell/OU=ISG/ST=TX/L=RoundRock' -addext 'subjectAltName=DNS:pp-clc802-oct28-1,DNS:pp-clc802-oct28-2' -addext 'subjectKeyIdentifier=hash'
Regenerating certificates with CA field set to true using CA cert authority for KMIP server which is Cloudlink server. Log in to Cloudlink UI -->click "KMIP SERVER" --> click "Information" -->click "Actions" -->click "Upload CA Signed PEM" Once the Cloudlink KMIP server cert update, we must generate new KMIP client certificates to add to KMS trusted configuration at the vCenter. In the KMIP SERVER section -->click "Client" --> Select the Client-->go to "Actions" --> "Generate New Certificate" You should see the .zip file with the Client name consists of three files (ca.pem, cert.pem, and key.pem). Log in to vCenter --> select the vCenter object ---> go to configure --> go to "key Provider" --> select the cluster name --> select the "Establish Trust" in the below --> select the "Make KMS trust vCenter" --> select the third radio button and next --> upload cert.pem and key.pem --> click "ESTABLISH TRUST" which will complete the configuration.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.