- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: Cannot add hypervisor manager to Oneview
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2019 07:11 AM
09-09-2019 07:11 AM
Cannot add hypervisor manager to Oneview
I get this error when attempting to add vcenter to Oneview:-
Certificate seems fine on vcenter, is this a Oneview certificate issue or what? I tried adding a cert with a full chain to Oneview, and it did not accept anything other than a single machine cert only. This is the only thing on our network which seems to have an issue with the vcenter certificate, which is installed as a .pem with its full chain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2019 09:35 AM
09-09-2019 09:35 AM
Re: Cannot add hypervisor manager to Oneview
For anyone else who has this issue, the solution is to only have ONE intermediate certificate server in your cert chain on the vcenter server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2019 11:00 PM - edited 09-11-2019 11:01 PM
09-11-2019 11:00 PM - edited 09-11-2019 11:01 PM
Re: Cannot add hypervisor manager to Oneview
Hi @T_1_6
Thank you for sharing the workaround you found.
We do support external servers such as AD server, vCenter with a multi-level CA signed certificate chain.i.e. servers setup with a Root CA + intermediate CA + leaf level CA signed certificate for the server.
The error seems to indicate "invalid input chain".
Would be very helpful for us to look at this and understand what is special with this chain.
Would it be possible for you to raise a support case with the CA certificate chain PEM file (and a support dump so we can see the actual error in the cidebug.log file)?
Regards
Bhaskar
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-01-2019 01:55 AM - edited 10-01-2019 02:07 AM
10-01-2019 01:55 AM - edited 10-01-2019 02:07 AM
Re: Cannot add hypervisor manager to Oneview
Hi @T_1_6
I generated a 2 level CA chain - i.e. 1 Root CA +1 intermediate CA and replaced vmware's default vmca within the vCenter appliance using /usr/lib/vmware-vmca/bin/certificate-manager option 2.
Used vCenter 6.5 for this excerise.
When providing a CA chain to certificate-manager, I provided the chain as input, i.e. inter.crt and root.crt concatenated in a single file. The private key I provided is that of the intermediate. (inter.key)
I then imported the Root CA (topmost root) into OneView's trust store via Manage Certificates -> Add Certificate.
With this, I am able to add this VCenter in OneView using Add hypervisor manager.
Can you describe what steps you went through to get a multi level CA chain on vCenter?
Invalid input chain indicates the CA chain PEM file contents arent a chain.
Regards
Bhaskar
I am an HPE employee