Piszki Lab | EN

My case study in the clouds…

VMware Integrated Containers 1.3 – HTML5 Plugin SSL Handshake error (EN)


One of the main innovations in VMware Integrated Containers 1.3 (VIC) is the extended plugin for the vSphere Client UI (HTML5), with which you can configure and run the VMware Container Host (VCH). This plugin depends on the correct SSL configuration in vCenter. And here a broad question arises: what is the correct configuration? As it turns out, everyone who has generated a certificate from VMCA signed by a Root CA (aka a custom certificate) has an almost correct configuration. Where the problem arises, I will describe below.


We will start from scratch: we have launched VIC according to the instructions and the plugin has been uploaded correctly, but it does not work (it does not show any content). In the log:

/storage/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log

A message appears (plus many more):

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Server certificate chain is not trusted and thumbprint doesn’t match

This problem has affected many people. After a long investigation it turned out that the cause is a CA certificate (Root or VMCA) attached to the machine certificate. By opening https://vCenter/psc we can review the current content of VMware VECS, including the __MACHINE_CERT store.


In the affected configuration, __MACHINE_CERT contains, in addition to the machine certificate, the CA certificate (VMCA) that signed it. This is not the correct state. Unfortunately, to correct this problem you must regenerate your certificate (if you do not have the old one) or re-upload it without the CA certificate. In the correct state, the store holds only the machine certificate.


From now on, all operations performed from the VIC HTML5 plugin will work without any problem.
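
One way to check a PEM export of the machine certificate entry for an attached CA certificate, and to extract the machine certificate alone for re-upload (an added example, not part of the original post). The function names, the vecs-cli export command in the comment, and the leaf-first ordering are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): detect CA certificates attached
# to the machine certificate in a PEM export, and extract the leaf alone.
# Assumed way to obtain the PEM on the vCenter appliance:
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert \
#       --store MACHINE_SSL_CERT --alias __MACHINE_CERT > machine.pem

# Print the number of PEM certificate blocks in file $1.
count_pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print only the first certificate block of file $1.
# Assumption: the machine (leaf) certificate is listed first, CA certs after it.
first_cert_only() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ }
         n == 1 { print }
         n == 1 && /^-----END CERTIFICATE-----/ { exit }' "$1"
}

# Return 0 for exactly one certificate, 1 if extra certificates are attached,
# 2 if the file holds no certificate at all.
check_machine_cert() {
    n=$(count_pem_certs "$1")
    case "$n" in
        1) echo "OK: only the machine certificate is present"; return 0 ;;
        0) echo "ERROR: no PEM certificate found in $1" >&2; return 2 ;;
        *) echo "WARN: $n certificates found, CA certificate attached"; return 1 ;;
    esac
}

# Constructed sample: two PEM blocks with placeholder bodies (not real
# certificates), mimicking a machine certificate followed by its CA.
write_sample_chain() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtTEVBRg==' \
        '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0E=' \
        '-----END CERTIFICATE-----' > "$1"
}

# Stand-alone use: ./check.sh machine.pem
if [ "$#" -gt 0 ]; then
    check_machine_cert "$1"
fi
```

Before re-uploading the output of first_cert_only, confirm with openssl x509 -noout -subject -issuer that it is the machine certificate and not the CA.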



Author: Piotr Pisz

Involved with computers always, since I got a Commodore 64 at the end of primary school, through the beloved Amiga and an infinite number of Linux consoles, until today's fully virtual day. Since 2001 a Unix/Linux Systems Administrator; for seven years a faithful companion and protector of the Solaris system, until its sad end. In 2011 dove into the depths of virtualization, then smoothly ascended into the clouds and continues there today. Professionally working as a Systems Architect at the Polish Security Printing Works.
