Disable TLS certificate validation on HPE OmniStack for vSphere

 
newnet
Occasional Advisor

Hi everyone,

After regenerating the vCenter 7.0.2 VM SSL certificate (same IP), accessing the OmniStack Virtual Controller via SSH does not work correctly using vCenter administrator credentials, and the HPE SimpliVity Plugin for vSphere Client returns "Response error 400" and "HPE SimpliVity Plug-in cannot complete the task because it cannot contact the Virtual Controller."

I tried to use the command dsv-update-vcenter, but it always gives "Error 0, Failed to validate and save vCenter credential, please double check the input."

This is exactly as described here: https://support.hpe.com/hpesc/public/docDisplay?docId=sf000063788en_us&docLocale=en_US&page=index.html

I found this guide to disable TLS certificate validation on HPE OmniStack for vSphere:
https://developer.hpe.com/platform/hpe-simplivity/tls-certificate-validation/ but it is only for Windows hosts.

Can anyone help me do that in the Linux version of OmniStack?

Thanks in advance

Pierpaolo

support_s
System Recommended

Query: Disable TLS certificate validation on HPE OmniStack for vSphere

System recommended content:

1. HPE OmniStack 4.1.3 for vSphere Administration Guide

2. HPE OmniStack 4.2.0 for vSphere Administration Guide


shiva_jr
HPE Pro

Re: Disable TLS certificate validation on HPE OmniStack for vSphere

Hi Newnet,
This issue may be due to the CA certificate. Please refer to this document.
Try with Chrome once and don't keep the browser idle for 30 minutes. Refer to this document.
Regards,
Shiva_JR



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
newnet
Occasional Advisor

Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

Our current version is HPE OmniStack 4.1.3; the vSphere Administration Guide doesn't report how to disable TLS certificate validation on HPE OmniStack for vSphere and execute dsv-update-vcenter.

gustenar
HPE Pro

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

Hello @newnet

Try the same command and use the --password switch on it. Ensure the password is between double quotes. Certain special characters could cause issues with the validation of the credentials. 



newnet
Occasional Advisor

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

With the command sudo dsv-update-vcenter I receive:

Verifying credentials ...
Successfully verified credentials with the vCenter
Updating authentication information for XX.XX.XX.XX ...
Failed to update authentication information for XX.XX.XX.XX:
Error 0, Failed to validate and save vCenter credential, please check the input.

Then I tried to access the vCenter via SSH from an OVC session with the same credentials:

svtcli@omnicube-ip1-34:~$ ssh administrator@n1whq.local@XX.XX.XX.XX
The authenticity of host 'XX.XX.XX.XX (XX.XX.XX.XX)' can't be established.
ECDSA key fingerprint is SHA256:QZ+H4AT8h3h791V9dpc2A9Bo1oTItOu8wBYixAK9XVc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/mnt/.ssh/known_hosts).

VMware vCenter Server 7.0.2.00500

administrator@n1whq.local@XX.XX.XX.XX's password:
Connected to service

* List APIs: "help api list"
* List Plugins: "help pi list"
* Launch BASH: "shell"

Command>

It seems the OVC can connect to vCenter and the credentials are correct.

I tried again to authenticate with the svt-session-start command:

svtcli@omnicube-ip1-34:/$ svt-session-start
vCenter server: XX.XX.XX.XX
Enter username: administrator@n1whq.local
Enter password for administrator@n1whq.local:
Error: Error connecting to server at 'XX.XX.XX.XX': The server may not be a hypervisor server or a virtualization management server

Does anyone have any idea what this could be about?

Thanks in advance


newnet
Occasional Advisor

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

@gustenar

I tried to execute svtcli@omnicube-ip1-34:/$ svt-iwo-show

I received:

Error retrieving the host information: $VAR1 = bless( {
'errorString' => 'HVALInvalidSessionException:Type: \'java.rmi.RemoteException\' Detail: \'VI SDK invoke exception in connection to https://sdkTunnel:8089/sdk/vimService; nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.\' Cause: \'javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.\'',
'errorCode' => 9
}, 'hyperproxy::RPC::SvtErrorReturnException' );

Do you think I have to delete the expired certificate of vCenter? And how can I do that?

newnet
Occasional Advisor

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

@gustenar

I found the certificate issue!!!

When I try to execute dsv-update-vcenter I receive:

Updating certificates ...
Successfully read certificates
Successfully parsed certificate
Thumbprint : F0:91:A1:AF:A3:0A:45:A1:98:50:4A:1C:2A:98:D2:92:7D:98:E5:22
issuer=CN = CA, DC = nwhq, DC = local, C = US, ST = California, O = localhost, OU = VMware Engineering
subject=CN = CA, DC = nwhq, DC = local, C = US, ST = California, O = localhost, OU = VMware Engineering
Valid From : Dec 5 15:41:23 2021 GMT
Valid To : Dec 3 15:41:23 2031 GMT
Serial Number : **Confidential info erased**

But the current thumbprint of vCenter is DB11BE159E6C8F50645F9060B3B9E8139F0CDD25

How can I remove the old certificate from the OVC?
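
Added example, not part of the original post and not HPE tooling: a POSIX shell sketch for comparing a stored SHA-1 thumbprint with every certificate a server presents, using only openssl, awk and tr. The certificate in the dsv-update-vcenter output above has identical issuer and subject, so it is a self-signed CA certificate, and a thumbprint taken from a server's leaf certificate would differ from it in any case. The function names are hypothetical; the two thumbprints are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not HPE tooling): compare a stored SHA-1 thumbprint with
# the certificates a server presents. Function names are hypothetical.

# Reduce "SHA1 Fingerprint=F0:91:..", "f0:91:.." or "F091.." to bare upper-case hex.
norm_fp() {
  printf '%s' "${1##*=}" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# True when two thumbprints are equal after normalisation.
same_fp() { [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]; }

# Print fingerprint, subject and issuer of every certificate sent by HOST [PORT].
chain_fps() {
  openssl s_client -connect "$1:${2:-443}" -showcerts </dev/null 2>/dev/null |
  awk -v cmd='openssl x509 -noout -fingerprint -sha1 -subject -issuer' '
    /BEGIN CERTIFICATE/ { incert = 1 }
    incert              { print | cmd }
    /END CERTIFICATE/   { incert = 0; close(cmd) }'
}

# Read chain_fps output on stdin; succeed if any certificate matches $1.
match_in_chain() {
  want=$(norm_fp "$1"); rc=1
  while IFS= read -r line; do
    case $line in
      *[Ff]ingerprint=*)
        cur=$(norm_fp "$line")
        if [ "$cur" = "$want" ]; then echo "match: $cur"; rc=0; fi ;;
    esac
  done
  return $rc
}

# Values quoted in the post above (colon-separated vs. bare hex).
STORED='F0:91:A1:AF:A3:0A:45:A1:98:50:4A:1C:2A:98:D2:92:7D:98:E5:22'
CURRENT='DB11BE159E6C8F50645F9060B3B9E8139F0CDD25'
if same_fp "$STORED" "$CURRENT"; then echo "same certificate"
else echo "different certificates"; fi

# Optional live check: pass the vCenter address as the first argument.
if [ -n "${1:-}" ]; then
  chain_fps "$1" | match_in_chain "$STORED" ||
    echo "stored thumbprint is not in the chain presented by $1"
fi
```

A server is not required to send its root CA in the handshake, so a miss from match_in_chain means only that the stored certificate was not among those presented.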

 

 

newnet
Occasional Advisor

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

@gustenar it's certainly certificate trouble
root@omnicube-ip1-34:/home/svtcli# curl https://XX.XX.XX.XX:443/sdk/vimService.wsdl -v
* Trying XX.XX.XX.XX...
* TCP_NODELAY set
* Connected to XX.XX.XX.XX (XX.XX.XX.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

 

 

 

gustenar
HPE Pro

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

So I see that credential validation passed on the "dsv-update-vcenter" command. Were you able to run this command completely and reboot the OVC? I'm not clear if it was successful or not. This command will load the new certificates and update the OVC.



gustenar
HPE Pro

Re: Re: Query: Disable TLS certificate validation on HPE OmniStack for vSphere

One more thing, make sure your DNS servers are correct. On the OVCs, you can do a 'cat /etc/resolv.conf' to verify.

 


