VCH Deployment Fails with Missing Common Name Error Even When TLS Options Are Specified Correctly
If you deploy a virtual container host (VCH) and you have specified one of the vic-machine create --tls-cname
, --no-tlsverify
, or --no-tls
options, or you set a static IP address on the client network, the deployment fails with an error about the certificate Common Name being missing.
Problem
Deployment fails during the validation of the configuration that you provided, even if you did specify a TLS option or you set a static IP address on the client network. For example:
$ vic-machine-windows create --target 'Administrator@vsphere.local:password'@vcenter_server --bridge-network vic bridge --no-tls ### Installing VCH #### [...] Common Name must be provided when generating certificates for client authentication: [...] Create cannot continue: unable to generate certificates -------------------- vic-machine-windows.exe failed: provide Common Name for server certificate
If you include a TLS option at the beginning of the vic-machine create
command rather than the end, you see the following error:
$ vic-machine-windows create --target 'Administrator@vsphere.local:password'@vcenter_server --no-tls --bridge-network vic bridge ### Installing VCH #### [...] Unknown argument: bridge -------------------- vic-machine-windows.exe failed: invalid CLI arguments
Cause
String values that you provided for certain options contain spaces or special characters that you did not escape with quotations marks. The vic-machine create
input validator validates the arguments that you provide only as far as the argument that includes the space or special character. If you specify the TLS option before the argument with the space or special character, vic-machine create
throws the correct error message. However, if you specify the TLS option after the argument that includes the space or special character, the vic-machine create
validator stops before it reaches the TLS option, and so throws the error about the missing Common Name.
Solution
Wrap any arguments that contain spaces or special characters in single quotation marks (') on Mac OS and Linux and in double quotation marks (") on Windows.
Option arguments that might require quotation marks include the following:
- User names and passwords in
--target
, or in--user
and--password
- Datacenter names in
--target
. - VCH names in
--name
. - Datastore names and paths in
--image-store
and--volume-store
. - Network and port group names in all networking options.
- Cluster and resource pool names in
--compute-resource
. - Folder names in the paths for
--tls-cert-path
,--tls-server-cert
,--tls-server-key
,--appliance-iso
, and--bootstrap-iso
.