vCAC 6 Linux Guest Agent Certificate Gotcha

In vCAC 6, the Linux guest agent needs to use SSL to communicate with the vCAC Iaas Windows Server. This requires that a valid PEM file is present in the /usr/share/gugent director after you have installed the Linux guest agent RPM and before you run

The common problem you will see in vCAC is the deployment failed after the request is stuck in customizeOS state for a long period of time.
The problem is that some versions of Linux may have different releases of OpenSSL which can pull the SSL certificate from vCAC improperly resulting in an empty PEM file.

In this post I will show you the fool proof way to make sure the cert is properly installed on your Linux tempate.

First off, open firefox to your FQDN of your vCAC IaaS box and login as your cloud admin for example https://vcac-w8-01a.corp.local


Click the Lock and then click more information


Now click View Certificate


On the next screen click the Details tab, then click export


Now click Export and save the file to your desktop, make sure to save as cert and type X.509 Certificate (PEM)


Now use WinSCP to copy the cert.crt file to your Linux template to the /usr/share/gugent directory


Now SSH into your Linux template and change director to /usr/share/gugent directory


Now run the command openssl x509 -in mycert.crt -out mycert.pem -outform PEM

openssl x509 -in cert.crt -out cert.pem -outform PEM

Shutdown your Linux template and configure your blueprint in vCAC to use it. NOTE: If you are using linked clones you will need to create a new snapshot, run an inventory scan in vCAC and also repoint the blueprint to the new snapshot.

Be sure to re-tweet if this was helpful!

Remember sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.