VMware Support Assistant SSL

VMware recently released a new product called vCenter Support Assistant. This virtual appliance places an icon in the vCenter ‘Solutions and Applications’ area where you can contact support, open SRs and upload support bundles. You can view the entire product overview and access the download link from here: http://www.vmware.com/products/datacenter-virtualization/vcenter-support-assistant/overview.html.

This appliance provides a web server that serves up the ‘solution’ as well as the icon that appears in vCenter. Because of this, opening the vCenter client loads the initial icon and gives you an SSL warning. The FAQ shows how this generic certificate can be installed on your workstation to prevent this popup; however, I prefer to replace the SSL certificate with one signed by a trusted CA. Here are the steps to complete this procedure.

cd /support-assistant/keystore/

cp support_assistant support_assistant_BU

/usr/java/jre-vmware/bin/keytool -genkey -keyalg RSA -keysize 2048 -alias support_assistant -keystore support_assistant -storepass "SPH123oneAssist123@" -validity 3650 -dname "CN=support-assistant.bwuch.local,OU=My Department,O=My Company,L=City,ST=State,C=XX,emailAddress=vmware-admin@bwuch.local"

/usr/java/jre-vmware/bin/keytool -certreq -alias support_assistant -keystore support_assistant -file jetty.csr -storepass "SPH123oneAssist123@"

This will create a jetty.csr file. Display the contents of that file (cat jetty.csr) and paste them into the certificate request you submit to your CA. Then download the base64 encoded chain file and open it in Notepad. Back on the appliance, use a text editor like vi to create a new jetty.crt file, and paste the contents of the P7B file into jetty.crt.

Run the following command to import the CA signed certificate into the keystore:

/usr/java/jre-vmware/bin/keytool -keystore support_assistant -import -alias support_assistant -file jetty.crt -trustcacerts -storepass "SPH123oneAssist123@"

Answer ‘yes’ if prompted to trust the certificate. You can either restart the service or reboot the server to read in the new certificate.
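Before restarting, it is worth confirming that the import really replaced the self-signed certificate produced by -genkey. The following is an added example, not part of the original post: a shell function that reads English `keytool -list -v -keystore support_assistant -alias support_assistant` output on stdin and checks that the entry is a private key entry whose leaf certificate has a different issuer and a chain longer than one. The sample outputs and the CA name "Example Issuing CA" are constructed for illustration.

```shell
# Added example: verify that the keystore entry now carries a CA-signed chain.
# Input is `keytool -list -v` output on stdin; $1 is the alias to check.
# Returns 0 only for a CA-signed private key entry, otherwise prints the reason.
check_keystore_entry() {
    awk -v alias="$1" '
        $0 == ("Alias name: " alias)   { found = 1; in_entry = 1; next }
        /^Alias name: /                { in_entry = 0 }
        !in_entry                      { next }
        /^Entry type: /                { type = $3 }
        /^Certificate chain length: /  { chain = $4 + 0 }
        /^Certificate\[1\]:/           { leaf = 1; next }
        /^Certificate\[[0-9]+\]:/      { leaf = 0 }
        leaf && /^Owner: /             { owner = substr($0, 8) }
        leaf && /^Issuer: /            { issuer = substr($0, 9) }
        END {
            if (!found)                    { print "alias not found"; exit 1 }
            if (type != "PrivateKeyEntry") { print "not a private key entry"; exit 1 }
            if (owner == issuer)           { print "leaf is still self-signed"; exit 1 }
            if (chain < 2)                 { print "CA chain was not imported"; exit 1 }
            print "ok: " owner " issued by " issuer
        }'
}
# Constructed sample: keystore state right after -genkey (self-signed).
sample_selfsigned() { cat <<'EOF'
Alias name: support_assistant
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=support-assistant.bwuch.local
Issuer: CN=support-assistant.bwuch.local
EOF
}
# Constructed sample: keystore state after importing the chain (CA name made up).
sample_signed() { cat <<'EOF'
Alias name: support_assistant
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=support-assistant.bwuch.local
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA
EOF
}
sample_selfsigned | check_keystore_entry support_assistant || true
sample_signed | check_keystore_entry support_assistant
```

A "leaf is still self-signed" result after the import usually means jetty.crt was imported under a different alias than the key pair, so the reply never attached to the private key.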

After the above process, open a web browser and access the management interface (the above example would be https://support-assistant.bwuch.local/). You should not receive any SSL warnings. Go ahead and register the vCenter Support Assistant into your vCenter. You may notice that when you open the vCenter client you’ll get an SSL warning. This is because the plugin has registered by IP address in your vCenter. You can fix this up with a few short lines of PowerCLI:

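[cc lang="Powershell"]
# Requires an existing PowerCLI connection to vCenter (Connect-VIServer)
$exMgr = Get-View ExtensionManager
# Find the Support Assistant extension registration
$sa = $exMgr.ExtensionList | ?{$_.key -eq 'com.vmware.supportassistant'}
# Point the plugin URL at the certificate's hostname instead of the IP address
$sa.Server[0].Url = "https://support-assistant.bwuch.local/plugin-config.xml"
$exMgr.UpdateExtension($sa)
[/cc]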

Close the vCenter client, reopen it, and verify that you no longer get SSL warnings due to the Support Assistant.


2 Responses to VMware Support Assistant SSL

  1. Quincy Ju says:

    Great Articles, it worked and I was looking for this solution for a while (5 days).

    Only one typo though, the “support-assistant” in the first command should read “support_assistant”, and it has to be support_assistant, otherwise it won’t work. You may want to rename the old one first.

  2. Quincy, thanks for catching the typo. I have replaced the support-assistant references with support_assistant and added a file copy operation to back up the previous support_assistant keystore.
