Obtain vSphere Certificate Thumbprints

If your vSphere environment uses untrusted, self-signed certificates to authenticate connections, you must specify the thumbprint of the vCenter Server or ESXi host certificate in all vic-machine commands to deploy and manage virtual container hosts (VCHs). If your vSphere environment uses trusted certificates that are signed by a known Certificate Authority (CA), you do not need to specify the --thumbprint option.

You can use either SSH and OpenSSL or the Platform Services Controller to obtain certificate thumbprints, either before you run vic-machine commands, or to confirm that a thumbprint in an error message is valid.

vCenter Server Appliance or ESXi Host

You can use SSH and OpenSSL to obtain the certificate thumbprint for a vCenter Server Appliance instance or an ESXi host.

  1. Use SSH to connect to the vCenter Server Appliance or ESXi host as the root user.
    $ ssh root@vcsa_or_esxi_host_address
  2. Use openssl to view the certificate fingerprint.

    • vCenter Server Appliance:
      openssl x509 -in /etc/vmware-vpx/ssl/rui.crt -fingerprint -sha1 -noout
    • ESXi host:
      openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
  3. Copy the certificate thumbprint for use in the --thumbprint option of vic-machine commands.
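
As an added example (not part of the original documentation), the following shell helper compares the fingerprint line printed in step 2 with a thumbprint obtained elsewhere, such as one shown in an error message. It ignores differences in label, letter case, and colon separators. The function names and sample values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the line printed by
#   openssl x509 -in <cert> -fingerprint -sha1 -noout
# with a thumbprint seen elsewhere (for example, in an error message).

# normalize_thumbprint VALUE   (hypothetical helper name)
# Accepts "SHA1 Fingerprint=AA:BB:..." (label case varies by OpenSSL version),
# a bare colon-separated thumbprint, or 40 plain hex digits.
# Prints 40 uppercase hex digits; returns 1 if VALUE is not a SHA-1 digest.
normalize_thumbprint() {
    value=${1##*=}                                   # drop "SHA1 Fingerprint="
    value=$(printf '%s' "$value" | tr -d ': \t\r\n' | tr 'a-f' 'A-F')
    case $value in
        *[!0-9A-F]*) return 1 ;;                     # non-hex character
    esac
    [ "${#value}" -eq 40 ] || return 1               # SHA-1 is 20 bytes
    printf '%s\n' "$value"
}

# thumbprints_match OPENSSL_OUTPUT EXPECTED   (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 if either value is malformed.
thumbprints_match() {
    have=$(normalize_thumbprint "$1") || return 2
    want=$(normalize_thumbprint "$2") || return 2
    [ "$have" = "$want" ]
}

# Constructed sample values, not taken from a real certificate.
SAMPLE_OUTPUT='SHA1 Fingerprint=0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D'
SAMPLE_FROM_ERROR='0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9:0a:1b:2c:3d'

if thumbprints_match "$SAMPLE_OUTPUT" "$SAMPLE_FROM_ERROR"; then
    echo "match: thumbprint agrees with the certificate on the host"
else
    echo "MISMATCH or malformed: do not pass this value to --thumbprint" >&2
fi
```

On a real host, pass the output of the openssl command from step 2 as the first argument instead of the sample value.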

Platform Services Controller

You can obtain a vCenter Server certificate thumbprint by logging into the Platform Services Controller for that vCenter Server instance.

  1. Log in to the Platform Services Controller interface.

    • Embedded Platform Services Controller: https://vcenter_server_address/psc
    • Standalone Platform Services Controller: https://psc_address/psc
  2. Select Certificate Management and enter a vCenter Single Sign-On password.

  3. Select Machine Certificates, select a certificate, and click Show Details.
  4. Copy the thumbprint for use in the --thumbprint option of vic-machine commands.
