Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation troubleshooting: browser rejects vicadmin and Management Portal certificate #526

Closed
hickeng opened this issue Aug 5, 2017 · 3 comments
Closed

Documentation troubleshooting: browser rejects vicadmin and Management Portal certificate #526

hickeng opened this issue Aug 5, 2017 · 3 comments
Assignees
@stuclem
Labels
area/pub/vsphere Published documentation for vSphere administrators area/pub Published documentation for end-users product/admiral Related to the vSphere Integrated Containers Managment Portal product/engine Related to the vSphere Integrated Containers Engine product/harbor Related to the VMware vSphere Integrated Containers Registry

Comments

@hickeng
Copy link
Member

hickeng commented Aug 5, 2017

Problem
Chrome (and maybe other browsers) report ERR_CERT_INVALID and the detail reports an "invalid digital signture"

Cause
Probable cause is that a client certificate or generated CA for a prior VCH with the same IP or hostname was added to the client computers keychain.

Solution
Windows 10: run the Manage user certificates utility and ensure no Certificate Authorities or client certificates are installed for the target VCH IP or FQDN. These will likely be found under either of the following sections:

  • Personal
  • Trusted Root Certification Authorities

Generated VCH certificates have the VCH name (of the old VCH) as the Issuer.
@hickeng hickeng added the area/pub Published documentation for end-users label Aug 5, 2017
@hickeng hickeng changed the title Document troubleshooting: Documentation troubleshooting: browser rejects vicadmin certificate Aug 6, 2017
@stuclem stuclem self-assigned this Aug 7, 2017
@stuclem stuclem added product/engine Related to the vSphere Integrated Containers Engine area/pub/vsphere Published documentation for vSphere administrators labels Aug 7, 2017
@stuclem stuclem added product/admiral Related to the vSphere Integrated Containers Managment Portal product/harbor Related to the VMware vSphere Integrated Containers Registry labels Aug 29, 2017
@stuclem
Copy link
Contributor

stuclem commented Aug 29, 2017

This is also the case for attempts to access VIC Management Portal on Chrome. Clearing certificates out of Personal and Trusted Root Certification Authorities did not solve the problem for me for the VIC MP.

Searching through the other certificate folders, I found a bunch of VMware self-signed certs in the following places:

oldcert

oldcert2

oldcert3

oldcert4

It was only when I deleted all of the self-signed certs in the Intermediate Certification Authorities folder that I was able to access VICMP once again.

@stuclem stuclem changed the title Documentation troubleshooting: browser rejects vicadmin certificate Documentation troubleshooting: browser rejects vicadmin and Management Portal certificate Aug 29, 2017
@stuclem
Copy link
Contributor

stuclem commented Aug 29, 2017

Is this problem exclusive to Windows 10? I don't recall it ever happening on my Windows Server 2008 VM. I have no idea about Mac or Linux.

This was referenced Aug 29, 2017
Closed
Merged
@andrewtchin
Copy link
Contributor

I've never seen this on MacOS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stuclem stuclem

Labels
area/pub/vsphere Published documentation for vSphere administrators area/pub Published documentation for end-users product/admiral Related to the vSphere Integrated Containers Managment Portal product/engine Related to the vSphere Integrated Containers Engine product/harbor Related to the VMware vSphere Integrated Containers Registry
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andrewtchin @hickeng @stuclem