Configuring SDM in SMGR 8.1

Status
Not open for further replies.

lopes1211

I'm trying to add the AVPs of my LSPs into Solution Deployment Manager on SMGR 8.1.2. I've added the locations but I'm getting stuck when I try to add the Platform AVP/ESXI.

On the standalone Windows client, I enter the platform name, IP, user, pwd, platform type, and save. I then get a certificate popup with a cert from the remote AVP which I can then accept and everything is happy.

Trying this same procedure on the SMGR SDM, I never get the certificate popup. I get an error "retrieving host certificate info has failed: the certificate for this server 111.222.333.444 is not updated in the keystore".

What exactly is this telling me to do and where is it telling me to do it? I've been looking into this through docs and videos on and off for a while and I'm not finding any answers. Additionally, the system is hardened "military grade" which could also be causing an issue.

-CL
 
Yay!!!!! Finally got it.

First run this openssl command on AVP as it will be used for importing the certificate.
openssl x509 -text -in /etc/vmware/ssl/rui.crt
Copy the output to the clipboard from the "Begin Certificate" line to the "End Certificate" line.
Log into the System Manager web interface.
Go to Inventory -> Manage Elements
Select System Manager -> Manage Trusted Certificates
Click Add
Store Type = TM_OUTBOUND_TLS
Select Import as PEM certificate
Paste the information from the openssl x509 -text command starting from the "Begin Certificate" line to the "End Certificate" line.

-CL
 
A better solution is to correctly administer certificates on the AVP. /sbin/generate-certificate (with reboot) will generate a self-signed certificate with the correct hostname. After registering with SMGR you can use SMGR-SDM to create a CSR and replace the certificate with an SMGR-signed certificate. You really shouldn't be adding the self-signed entity certificates into the trusted certs.
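
A pre-import check for the procedure in this thread, as an added example that is not part of any post and is not Avaya tooling: it pulls only the PEM block out of saved `openssl x509 -text` output and refuses it unless the SHA-256 fingerprint matches one read directly on the AVP console and the certificate names the host being added. The function names and the idea of saving the dump to a file are assumptions.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of SMGR or AVP.

# Print only the PEM block from saved `openssl x509 -text` output. The
# human-readable dump above it is not part of the certificate to paste.
pem_block() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# SHA-256 fingerprint of the certificate inside the dump (empty if none).
cert_fingerprint() {
    pem_block "$1" | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds when subject and issuer are identical (self-signed entity cert).
is_self_signed() {
    subj=$(pem_block "$1" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(pem_block "$1" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Succeeds when the certificate is valid for the given hostname.
matches_host() {
    pem_block "$1" | openssl x509 -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# precheck DUMP_FILE EXPECTED_FINGERPRINT HOSTNAME
# Returns 0 only if the fingerprint equals the one read on the AVP console
# and the certificate names the host being added; 2 if no certificate found.
precheck() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] || { echo "no certificate found in $1" >&2; return 2; }
    if [ "$fp" != "$2" ]; then
        echo "fingerprint mismatch: got $fp" >&2
        return 1
    fi
    if ! matches_host "$1" "$3"; then
        echo "certificate does not name $3" >&2
        return 1
    fi
    if is_self_signed "$1"; then
        echo "note: self-signed; plan to replace it with an SMGR-signed certificate" >&2
    fi
    return 0
}
```

The expected fingerprint would come from running `openssl x509 -noout -fingerprint -sha256 -in /etc/vmware/ssl/rui.crt` on the AVP itself, so the value pasted into TM_OUTBOUND_TLS is compared against something read at the source.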
 