vCAC 6 Linux Guest Agent Certificate Gotcha

In vCAC 6, the Linux guest agent needs to use SSL to communicate with the vCAC Iaas Windows Server. This requires that a valid PEM file is present in the /usr/share/gugent director after you have installed the Linux guest agent RPM and before you run instalgugent.sh

The common problem you will see in vCAC is the deployment failed after the request is stuck in customizeOS state for a long period of time.
The problem is that some versions of Linux may have different releases of OpenSSL which can pull the SSL certificate from vCAC improperly resulting in an empty PEM file.

In this post I will show you the fool proof way to make sure the cert is properly installed on your Linux tempate.

First off, open firefox to your FQDN of your vCAC IaaS box and login as your cloud admin for example https://vcac-w8-01a.corp.local

media_1391509249783.png

Click the Lock and then click more information

media_1391509454046.png

Now click View Certificate

media_1391509354346.png

On the next screen click the Details tab, then click export

media_1391509386084.png

Now click Export and save the file to your desktop, make sure to save as cert and type X.509 Certificate (PEM)

media_1391509582626.png

Now use WinSCP to copy the cert.crt file to your Linux template to the /usr/share/gugent directory

media_1391509829409.png

Now SSH into your Linux template and change director to /usr/share/gugent directory

media_1391509962666.png

Now run the command openssl x509 -in mycert.crt -out mycert.pem -outform PEM

media_1391510028627.png
openssl x509 -in cert.crt -out cert.pem -outform PEM

Shutdown your Linux template and configure your blueprint in vCAC to use it. NOTE: If you are using linked clones you will need to create a new snapshot, run an inventory scan in vCAC and also repoint the blueprint to the new snapshot.

Be sure to re-tweet if this was helpful!

Remember sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.