- Community Home
- >
- Software
- >
- HPE OneView
- >
- Cannot add hypervisor manager to Oneview
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-09-2019 07:11 AM
09-09-2019 07:11 AM
Cannot add hypervisor manager to Oneview
I get this error when attempting to add vcenter to Oneview:-
Certificate seems fine on vcenter, is this a Oneview certificate issue or what? I tried adding a cert with a full chain to Oneview, and it did not accept anything other than a single machine cert only. This is the only thing on our network which seems to have an issue with the vcenter certificate, which is installed as a .pem with its full chain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-09-2019 09:35 AM
09-09-2019 09:35 AM
Re: Cannot add hypervisor manager to Oneview
For anyone else who has this issue, the solution is to only have ONE intermediate certificate server in your cert chain on the vcenter server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2019 11:00 PM - edited 09-11-2019 11:01 PM
09-11-2019 11:00 PM - edited 09-11-2019 11:01 PM
Re: Cannot add hypervisor manager to Oneview
Hi @T_1_6
Thank you for sharing the workaround you found.
We do support external servers such as AD server, vCenter with a multi-level CA signed certificate chain.i.e. servers setup with a Root CA + intermediate CA + leaf level CA signed certificate for the server.
The error seems to indicate "invalid input chain".
Would be very helpful for us to look at this and understand what is special with this chain.
Would it be possible for you to raise a support case with the CA certificate chain PEM file (and a support dump so we can see the actual error in the cidebug.log file)?
Regards
Bhaskar
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-01-2019 01:55 AM - edited 10-01-2019 02:07 AM
10-01-2019 01:55 AM - edited 10-01-2019 02:07 AM
Re: Cannot add hypervisor manager to Oneview
Hi @T_1_6
I generated a 2 level CA chain - i.e. 1 Root CA +1 intermediate CA and replaced vmware's default vmca within the vCenter appliance using /usr/lib/vmware-vmca/bin/certificate-manager option 2.
Used vCenter 6.5 for this excerise.
When providing a CA chain to certificate-manager, I provided the chain as input, i.e. inter.crt and root.crt concatenated in a single file. The private key I provided is that of the intermediate. (inter.key)
I then imported the Root CA (topmost root) into OneView's trust store via Manage Certificates -> Add Certificate.
With this, I am able to add this VCenter in OneView using Add hypervisor manager.
Can you describe what steps you went through to get a multi level CA chain on vCenter?
Invalid input chain indicates the CA chain PEM file contents arent a chain.
Regards
Bhaskar
I am an HPE employee
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP