- Valid Machine SSL custom certificate (.crt file). Valid Machine SSL custom key (.key file). Valid signing certificate for the custom machine SSL certificate (.crt file). If you are running the command on a management node in a multi-node deployment, IP address of the Platform Services Controller.
- Return to the vSphere 6.x Certificate Manager and select Option 1 (Continue to importing Custom certificate(s) and key(s) for Machine SSL certificate). Note: If you are using a chain of Intermediate CA and Root CA, see Replacing certificates using vSphere 6.0 Certificate Manager fails at 0% with the error: Operation failed, performing.
- Setup failed to generate the SSL keys.' When upgrading to Update Manager 5.0. This is a bug in vUM. Just got it escalated to VMware level 3 support.
- Setup Failed To Generate The Ssl Keys Vmware Server
- Setup Failed To Generate The Ssl Keys Vmware File
Here you will find a list of Key Vaults. From this page, click on the action icon next to the System Key Vault and select Manage Certificates. From within the Key Vault, you can import, create, or modify certificates. To create the new SSL certificate, click on Add Certificate. You will then need to complete the SSL Certificate form.
The machine SSL certificate is used by the reverse proxy service on every management node, Platform Services Controller, and embedded deployment. Each machine must have a machine SSL certificate for secure communication with other services. You can replace the certificate on each node with a custom certificate.Before you start, you need a CSR for each machine in your environment. You can generate the CSR using vSphere Certificate Manager or explicitly.
- To generate the CSR using vSphere Certificate Manager, see Generate Certificate Signing Requests with vSphere Certificate Manager (Custom Certificates).
- To generate the CSR explicitly, request a certificate for each machine from your third-party or enterprise CA. The certificate must meet the following requirements:
- Key size: 2048 bits or more (PEM encoded)
- CRT format
- x509 version 3
- SubjectAltName must contain DNS Name=<machine_FQDN>.
- Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment
See also VMware Knowledge Base article 2112014, Obtaining vSphere certificates from a Microsoft Certificate Authority.
- Start vSphere Certificate Manager and select option 1.
- Select option 2 to start certificate replacement and respond to the prompts. vSphere Certificate Manager prompts you for the following information:
- Password for [email protected]
- Valid Machine SSL custom certificate (.crt file).
- Valid Machine SSL custom key (.key file).
- Valid signing certificate for the custom machine SSL certificate (.crt file).
- If you are running the command on a management node in a multi-node deployment, IP address of the Platform Services Controller.
If you are upgrading from a vSphere 5.x environment, you might have to replace the vCenter Single Sign-On certificate inside vmdir. See Replace the VMware Directory Service Certificate in Mixed Mode Environments.
Setup Failed To Generate The Ssl Keys Vmware Server
Note: This article is specifically for vSphere 5.1 and vSphere 5.5 when using the SSL Certificate Automation Tool.
Setup Failed To Generate The Ssl Keys Vmware File
If you are using vSphere 5.1, see Deploying and using the SSL Certificate Automation Tool 5.1 (2041600).
If you are using vSphere 5.5, see Deploying and using the SSL Certificate Automation Tool 5.5 (2057340).
If you are implementing certificates manually, see Implementing CA signed SSL certificates with vSphere 5.x (2034833).