Introducing VMware Validated Design 3.0 – VMware CTO Blog
Today we are delighted to announce that the new release VMware Validated Designs 3.0 will become available by the end of September!
Introducing a New Era of Cloud Freedom and Control -VMware Radius
Pat Gelsinger’s opening keynote to VMworld introduces a new Cross-Cloud Architecture that unifies private and public clouds.
Android Nougat Comes to the Enterprise
This week, Google began to release Android Nougat (7.0), the latest update to the Android operating system (OS). With this release comes enhanced features to provide more security and end-user controls, so Android devices are optimized for both work and personal use. Here are some key highlights to this update: Strengthened Security for Data Protection […]
Still Better Together: Juniper Networks QFX5100 Switches Certified with VMware NSX
It’s no secret that cloud computing is key to remaining competitive in today’s rapidly changing networking landscape. But, many organizations often overlook new network connectivity tools that are critical to capitalizing on all of the benefits offered by the cloud. That’s why I’m excited to share h…Read More
Converged Monitoring for Converged Infrastructure
Converged infrastructures have broad appeal to IT administrators, offering a single management console, components optimized for performance, simplified scalability, and more. Something that’s not always easy about converged infrastructure is monitoring. Using individual solutions for each component in your infrastructure can be inefficient, especially if those solutions are developed The post Converged Monitoring for Converged Infrastructure appeared first on…Read More
The Scoop: vRealize Automation 7.1 via virtualjad.com
vRealize Automation 7.1 in now G enerally A vailable for download. This release brings several features and enhancements, but primarily sticks to the themes of Time to Value , Quality and Stability . Another focus point for this release is to provide customers currently on vRA 6.x an upgrade path to all the benefits of the 7.x platform. vRealize Automation 7.1 Product Page: https://www.vmware.com/products/vrealize-automation Download:…Read More
Log Insight 3.6: Enhanced Query API via sflanders.net
Log Insight introduced a query API in version 3.3. In 3.6, the API has been enhanced to bring more parity to the existing UI capabilities. Read on to learn more! With Log Insight 3.6, you now have the following options also available to you: GET calls support a “duration”response which returns the number of milliseconds […] The post Log Insight 3.6: Enhanced Query API appeared first on SFlanders.net by Steve Flanders.
Every 2 year I’m facing the same problem – renew the SSL certificates in several platform, but especially in vCloud Director. And everytime I’ve to start from zero since I insist in recording only in memory the needed steps. This time I want to post the procedure in order to retrieve it next time, and in case someone else should need it.
I’ve been used largely the VMware KB 2014237
After receiving the certificate pack from the CA, we’ll have a couple of .crt files, domain and CA authority, and a .key one. vCloud Director doesn’t acept directly the .crt format so we’ve to convert it in .pfx. The first method indicated by the KB, passing through the web site to convert it failed (at least in my case), so I used the second one, openssl, directly inside the cell.
First step, I created a directory for this purpose, renamed the current certificates wherever they are
mkdir /root/cert mv /opt/vmware/certificates.ks /opt/vmware/certificates.ks_old
And then imported via SSH the 3 files: 2 .crt and 1 .key. After this I proceeded with creation of the .pfx, according to KB:
openssl pkcs12 -export -out /root/cert/certificate.pfx -inkey /root/cert/wildcard.domain.com.key -in /root/cert/STAR_domain_com.crt -certfile /root/cert/COMODORSAOrganizationValidationSecureServerCA.crt
It will ask for a password. Remember it, you’ll need later, many times!
Now move to the Java directory and run the certificate import command:
cd /opt/vmware/vcloud-director/jre/bin ./keytool -trustcacerts -storetype JCEKS -importkeystore -srckeystore /root/cert/certificate.pfx -destkeystore /opt/vmware/certificates.ks -srcstoretype pkcs12 -storepass PASSWORD
It will ask for the password again.
After receiving successful imported message, you should list the available aliases, receiving a message like the following:
./keytool -keystore /opt/vmware/certificates.ks -storetype JCEKS -list <insert password again> 1, Aug 22, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Let’s write down the first number: this is the alias to be used in the next command, assigning it to HTTP:
./keytool -storetype JCEKS -changealias -alias 1 -destalias http -keystore /opt/vmware/certificates.ks
If we want to use the same certificate for the console too (and this is our case, since certificate is *.domain.com), we have to restart the process from the import command, replacing in the last one the word “http” with “consoleproxy”:
./keytool -trustcacerts -storetype JCEKS -importkeystore -srckeystore /root/cert/certificate.pfx -destkeystore /opt/vmware/certificates.ks -srcstoretype pkcs12 -storepass PASSWORD ./keytool -keystore /opt/vmware/certificates.ks -storetype JCEKS -list ./keytool -storetype JCEKS -changealias -alias 1 -destalias consoleproxy -keystore /opt/vmware/certificates.ks
You’ll be asked the password after every command. It’s a bit annoying but I didn’t find a different way.
To verify if the 2 aliases are correctly certified, run the list command, you should have a similar output:
./keytool -keystore /opt/vmware/certificates.ks -storetype JCEKS -list Keystore type: JCEKS Keystore provider: SunJCE Your keystore contains 2 entries consoleproxy, Aug 22, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 http, Aug 22, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1):00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Certificates are imported. Now we should stop the service and configure the cell to point to the right path for the new certificates, and then we’ll be asked to start.
service vmware-vcd stop /opt/vmware/vcloud-director/bin/configure
If you have more than 1 cell, the procedure must be executed on all of them.
Configuring Auto Deploy Stateless Caching in vSphere 6.0 – Blah, Cloud.
Following on from my previous post on configuring custom ESXi images for PXE deployment, it piqued my interest again in Auto Deploy, now that I have a lab large enough (enough physical failure domains) to justify auto-deploy I figured i’d give it another go. I have chosen to implement stateless caching as it will allow …Read More