Replacing machine ssl certificate with custom certificate on VCSA 6.7 failed with error
"Error certificate-manager 'lstool get' failed:1"
Description:
Replacing machine ssl certificate with custom certificate on VCSA 6.7 failed due to 3rd party plugins deployed/installed with no valid certificate
Cause:
The certificate replacement process will check whether the 3rd party plugins installed have valid certificate or not. If not, the certificate replace will get failed.
Resolution:
The only resolution is to skip the validation that is being carried out by certificate manager process
1. Navigate to directory
#cd /usr/lib/vmware/site-packages/cis/
2. Take a backup of certificatemanagerhelper. Py file
3. Open the file using vi editor and edit the following section
#to remove LsTools stdout
If(rc! =0) :
logging.error("'lstool get' failed{}".format(rc))
Comment the line #raise exception("'lstool get' failed: %d" %rc) and instead TYPE rc=0
4. Keep the certificate and certificate chain ready
5. Replace the certificate
"Error certificate-manager 'lstool get' failed:1"
Description:
Replacing machine ssl certificate with custom certificate on VCSA 6.7 failed due to 3rd party plugins deployed/installed with no valid certificate
Cause:
The certificate replacement process will check whether the 3rd party plugins installed have valid certificate or not. If not, the certificate replace will get failed.
Resolution:
The only resolution is to skip the validation that is being carried out by certificate manager process
1. Navigate to directory
#cd /usr/lib/vmware/site-packages/cis/
2. Take a backup of certificatemanagerhelper. Py file
3. Open the file using vi editor and edit the following section
#to remove LsTools stdout
If(rc! =0) :
logging.error("'lstool get' failed{}".format(rc))
Comment the line #raise exception("'lstool get' failed: %d" %rc) and instead TYPE rc=0
4. Keep the certificate and certificate chain ready
5. Replace the certificate