Problem with vCenter 4.0 and certificates

For your information...
I've got this email this morning from our VMware TAM:

As of today, Microsoft has released this security advisory:

Microsoft Security Advisory: Update for minimum certificate key length
Microsoft Security Advisory: Update for minimum certificate key length

This effectively disables communication with any security certificate which is less than 1024 bits long. With vCenter 4.0.x we use 512 bit certificates by default and as such we see connections to https Web Services fail.

For more details, see KB 2037082: VMware KB: After installation of Microsoft Security Advisory update (KB2661254), connection to vCenter Server 4.0.x web services may fail

The workaround for this issue is straightforward. You will have to either create new certificates that are 1024 bits or higher, or disable fix as noted in the security Advisory.

This issue ONLY impacts vCenter 4.0.x, both vCenter 4.1.x and vCenter 5.x use 2048 bit certificates by default. However if a system was upgraded you still may see this issue. To validate whether your certificate is the proper length:

Navigate to the certificate directory. The default path is C:\Users\All Users\VMware\VMware VirtualCenter\SSL\ or For Windows Server 2008, C:\ProgramData\VMware\VMware VirtualCenter\SSL\.
Double-click rui.crt, to open it.
Click Details.
Find Public Key value from the list. The value should be RSA (1028 Bits) or higher. If the value is RSA (512 Bits), you will be impacted by the update.

Find more posts tagged with

Comments

There are no comments yet