OPERATIONAL DEFECT DATABASE
...
...
When replacing the SSL certificate for Update manager using the Update Manager utility, the certificate used on Port 9087 is not replaced.Note: For more information, see: For vCenter Server 5.0 and 4.x: Replacing SSL certificates for VMware vCenter Update Manager by using the Update Manager Utility (1023011). For vCenter Server 5.1 and 5.5: Configuring CA signed SSL certificates for vSphere Update Manager in vCenter Server 5.1 and 5.5 (2037581) The default VMware certificates are used in port 9087.
Port 9087 in Update Manager is used to send the Jetty Session ID and is used for importing offline bundles or upgrade release files. Prerequisites: OpenSSL will need to be installed on the machine running VMware Update Manager, available at Welcome to the OpenSSL Project.Note: The preceding link was correct as of April 06, 2015. If you find the link is broken, provide feedback and a VMware employee will update the link. The CA provided/custom certificates to replace the default certificate (.crt and .key files). To replace the Certificate proceed through these steps: Backup the SSL folder in the Update Manager install directory. The default path in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL Stop the vSphere Updated Manager service. For more information, see Stopping, starting, or restarting the vSphere Update Manager service (1039328). Open the C:\Program Files (x86)\VMware\Infrastructure\Update Manager\jetty-vum-ssl.xml file in a text editor. Record the information in the string that begins with <Set name="Password"> and ends with </Set> For example:<Set name="Password">OBF:1vu51xg31sw41zen1svu1xez1vv5 </Set> Download the attached .zip file and extract the.jar file to C:\Program Files (x86)\VMware\Infrastructure\Update Manager\jre\bin\ Open a command prompt by clicking Start > Run and type cmd and press Enter. From a command prompt change the directory to: C:\Program Files (x86)\VMware\Infrastructure\Update Manager\jre\bin Run this command using the information gathered in step 4:java -jar jetty_deobfuscate.jar keystore_passwordFor example: java -jar jetty_deobfuscate.jar OBF:1vu51xg31sw41zen1svu1xez1vv5 Copy the output for later use. From the command prompt change to the directory OpenSSL is installed in Note: The default is C:\OpenSSL-Win32\bin Run this command to create the .p12 file from your replacement .crt and .key file:openssl pkcs12 -export -in crt_file_location -inkey key_file_location -out p12_file_path\keyname.p12 -name vum-jetty Enter the password from step 8 when prompted. Once completed change the directory to: C:\Program Files (x86)\VMware\Infrastructure\Update Manager\jre\bin To verify the password, run this command:keytool -list -storepass keystore_password -keystore ..\..\SSL\vmware-vum.keystoreNote: Use the password gathered in step 8 The output should contain two alias entries, one for vum-server and a second for vum-jetty. To delete vum-jetty alias, run this command:keytool -delete -alias vum-jetty -storepass keysore_password -keystore ..\..\SSL\vmware-vum.keystore Verify there is only one entry for vum-server when running the command in step 14. Run this command to import the vum-jetty alias:keytool -importkeystore -srckeystore p12_file_path -srcstoretype PKCS12 -destkeystore ..\..\SSL\vmware-vum.keystore -storepass keystore_password Enter the keystore password when prompted. Run this command to confirm there are now two entries again:keytool -list -storepass keystore_password -keystore ..\..\SSL\vmware-vum.keystore Restart the vCenter Update Manager service. For more information, see Stopping, starting, or restarting the vSphere Update Manager service (1039328). To verify if the certificates are involved, open a web browser and navigate to https://vCenter_Update_Manager_FQDN:9087 and verify the information of the certificate when prompted.
Replacing SSL certificates for VMware vCenter Update Manager by using the Update Manager UtilityStopping, starting, or restarting the vSphere Update Manager serviceConfiguring CA signed SSL certificates for vSphere Update Manager in vCenter Server 5.1 and 5.5vCenter Update Manager の SSL 証明書を置き換えてもポート 9087 で Update Manager が使用する証明書が置き換わらない替换 vCenter Update Manager 的 SSL 证书时不会替换端口 9087 上 Update Manager 使用的证书
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
