[VMware] What to do when vSphere Certificate Manager does not start

This post describes what to do when vSphere Certificate Manager
fails to start with error messages like the ones below.

Error message on vCenter Server Appliance 7.0

Even though vCenter HA is not configured, the error message
[Certificate Manager tool do not support vCenter HA systems]
is displayed.

root@ss155 [ /var/tmp ]# /usr/lib/vmware-vmca/bin/certificate-manager
		 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
		|                                                                     |
		|      *** Welcome to the vSphere 6.8 Certificate Manager  ***        |
		|                                                                     |
		|                   -- Select Operation --                            |
		|                                                                     |
		|      1. Replace Machine SSL certificate with Custom Certificate     |
		|                                                                     |
		|      2. Replace VMCA Root certificate with Custom Signing           |
		|         Certificate and replace all Certificates                    |
		|                                                                     |
		|      3. Replace Machine SSL certificate with VMCA Certificate       |
		|                                                                     |
		|      4. Regenerate a new VMCA Root Certificate and                  |
		|         replace all certificates                                    |
		|                                                                     |
		|      5. Replace Solution user certificates with                     |
		|         Custom Certificate                                          |
		|         NOTE: Solution user certs will be deprecated in a future    |
		|         release of vCenter. Refer to release notes for more details.|
		|                                                                     |
		|      6. Replace Solution user certificates with VMCA certificates   |
		|                                                                     |
		|      7. Revert last performed operation by re-publishing old        |
		|         certificates                                                |
		|                                                                     |
		|      8. Reset all Certificates                                      |
		|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 4
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : Y

Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:



Certificate Manager tool do not support vCenter HA systems

Error message on vCenter Server Appliance 6.7

root@ss160 [ /var/tmp ]# /usr/lib/vmware-vmca/bin/certificate-manager
		 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
		|                                                                     |
		|      *** Welcome to the vSphere 6.7 Certificate Manager  ***        |
		|                                                                     |
		|                   -- Select Operation --                            |
		|                                                                     |
		|      1. Replace Machine SSL certificate with Custom Certificate     |
		|                                                                     |
		|      2. Replace VMCA Root certificate with Custom Signing           |
		|         Certificate and replace all Certificates                    |
		|                                                                     |
		|      3. Replace Machine SSL certificate with VMCA Certificate       |
		|                                                                     |
		|      4. Regenerate a new VMCA Root Certificate and                  |
		|         replace all certificates                                    |
		|                                                                     |
		|      5. Replace Solution user certificates with                     |
		|         Custom Certificate                                          |
		|                                                                     |
		|      6. Replace Solution user certificates with VMCA certificates   |
		|                                                                     |
		|      7. Revert last performed operation by re-publishing old        |
		|         certificates                                                |
		|                                                                     |
		|      8. Reset all Certificates                                      |
		|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 4
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : Y

Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:


Traceback (most recent call last):
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 762, in <module>
    exit(main())
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 756, in main
    parse_arguments()
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 746, in parse_arguments
    get_machine_ssl_cert_to_dir()
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 614, in get_machine_ssl_cert_to_dir
    vecs.get_cert_file(Constants.MACHINE_SSL_STORE, Constants.MACHINE_SSL_ALIAS, oldcert)
  File "/usr/lib/vmware/site-packages/cis/certificateManagerOps.py", line 849, in get_cert_file
    raise e
  File "/usr/lib/vmware/site-packages/cis/certificateManagerOps.py", line 845, in get_cert_file
    execute_command(cmd, quiet)
  File "/usr/lib/vmware/site-packages/cis/certificateManagerOps.py", line 336, in execute_command
    raise InvokeCommandException(msg)
cis.exceptions.InvokeCommandException: {
    "problemId": null,
    "componentKey": null,
    "detail": [
        {
            "id": "install.ciscommon.command.errinvoke",
            "translatable": "An error occurred while invoking external command : '%(0)s'",
            "args": [
                ""
            ],
            "localized": "An error occurred while invoking external command : ''"
        },
        "Error while creating backup cert file for MACHINE_SSL_CERT"
    ],
    "resolution": null
}

Error message on vCenter Server Appliance 6.5

root@ss165 [ /var/tmp ]# /usr/lib/vmware-vmca/bin/certificate-manager
		 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
		|                                                                     |
		|      *** Welcome to the vSphere 6.5 Certificate Manager  ***        |
		|                                                                     |
		|                   -- Select Operation --                            |
		|                                                                     |
		|      1. Replace Machine SSL certificate with Custom Certificate     |
		|                                                                     |
		|      2. Replace VMCA Root certificate with Custom Signing           |
		|         Certificate and replace all Certificates                    |
		|                                                                     |
		|      3. Replace Machine SSL certificate with VMCA Certificate       |
		|                                                                     |
		|      4. Regenerate a new VMCA Root Certificate and                  |
		|         replace all certificates                                    |
		|                                                                     |
		|      5. Replace Solution user certificates with                     |
		|         Custom Certificate                                          |
		|                                                                     |
		|      6. Replace Solution user certificates with VMCA certificates   |
		|                                                                     |
		|      7. Revert last performed operation by re-publishing old        |
		|         certificates                                                |
		|                                                                     |
		|      8. Reset all Certificates                                      |
		|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 4
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : Y

Please provide valid SSO and VC priviledged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:


Traceback (most recent call last):
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 716, in <module>
    exit(main())
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 710, in main
    parse_arguments()
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 701, in parse_arguments
    get_machine_ssl_cert_to_dir()
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 573, in get_machine_ssl_cert_to_dir
    vecs.get_cert_file(Constants.MACHINE_SSL_STORE, Constants.MACHINE_SSL_ALIAS, oldcert)
  File "/usr/lib/vmware/site-packages/cis/certificateManagerOps.py", line 438, in get_cert_file
    raise e
cis.exceptions.InvokeCommandException: {
    "resolution": null,
    "detail": [
        {
            "args": [
                ""
            ],
            "id": "install.ciscommon.command.errinvoke",
            "localized": "An error occurred while invoking external command : ''",
            "translatable": "An error occurred while invoking external command : '%(0)s'"
        },
        "Error while creating backup cert file for MACHINE_SSL_CERT"
    ],
    "componentKey": null,
    "problemId": null
}

Cause of the error message

In short, the error messages above appear when the /var/tmp/vmware
directory, which vSphere Certificate Manager uses to back up
certificates when updating them, cannot be used.

So when this error is output, check whether a vmware directory
exists under /var/tmp, and create it if it does not.

If the errors described above appear even though /var/tmp/vmware
exists, try recreating /var/tmp/vmware.

rm -rf /var/tmp/vmware
mkdir /var/tmp/vmware

<Reference>
Not able to start certificate-manager to replace certificates (67660)
https://kb.vmware.com/s/article/67660
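
The check-and-recreate steps above as a script, added here as an example and not taken from the original post or from VMware. The function names and state words are made up for this example; only the path /var/tmp/vmware comes from the article. Passing force recreates a directory that looks healthy, matching the article's second suggestion.

```shell
#!/bin/sh
# Added example: check and repair the certificate-manager backup directory.
# Function names and state words are hypothetical; only /var/tmp/vmware
# comes from the article.

# Print one word describing the state of the path given as $1.
backup_dir_state() {
    dir=$1
    if [ -L "$dir" ]; then
        echo symlink            # a link, not the directory itself
    elif [ ! -e "$dir" ]; then
        echo missing
    elif [ ! -d "$dir" ]; then
        echo not-a-directory    # e.g. a regular file with that name
    elif [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo not-writable
    else
        echo ok
    fi
}

# Create the directory when missing; recreate it (the article's rm -rf and
# mkdir) when it is unusable, or when $2 is "force". Prints the state found.
ensure_backup_dir() {
    dir=$1; force=${2:-}
    [ -n "$dir" ] || return 2   # never hand rm -rf an empty path
    state=$(backup_dir_state "$dir")
    if [ "$state" = missing ]; then
        mkdir "$dir" || return 1
    elif [ "$state" != ok ] || [ "$force" = force ]; then
        { rm -rf -- "$dir" && mkdir "$dir"; } || return 1
    fi
    echo "$state"
}

# Touch the real path only when asked: sh thisfile.sh --fix [force]
if [ "${1:-}" = "--fix" ]; then
    ensure_backup_dir /var/tmp/vmware "${2:-}"
fi
```

The state printed is the one found before any repair, so it can be logged to show why certificate-manager was failing.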


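For reference only, and limited to what I have checked myself:
in vCenter Server 8.0 and the latest versions of 7.0, the behavior
appears to have been improved so that the /var/tmp/vmware directory
is created automatically even when it does not exist.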
