However, when I tried to access the VMware Appliance Management Interface (VAMI), I received a Not Secure prompt. I was unable to proceed to the site.
Advanced details showed the following;
MyServer.MyDomain.com normally uses encryption to protect your information. When Google Chrome tried to connect to MyServer.MyDomain.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be MyServer.MyDomain.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit MyServer.MyDomain.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
Well, there appears to be a bug where with the VMware vCSA 6.X. After applying a new vCSA certificate, the VMWare Appliance Management Interface (VAMI) does not display the new certificate.
To resolve this issue for a vCSA running 6.5, perform the following:
1. Copy the CA cert to the following directory : /etc/applmgmt/appliance/ca.crt
By default, the ca.crt file does not exist in this directory. FYI, Applmgmt is the VMware Appliance Management Service.
2. Using VI, open the following file: /opt/vmware/etc/lighttpd/lighttpd.conf
3. Add the following line to the file: ssl.ca-file="/etc/applmgmt/appliance/ca.crt"
3. Restart the VAMI Service by running: /etc/init.d/vami-lighttp restart
Enjoy the nice Green Secure lock!
Wow, that was obscure. It worked! Where did you find info on this or how did you figure it out?
ReplyDelete