Dell EMC VxRail：如何在 ESXi 上手动导入 vCenter SSL 证书 (000536490)

版本：5

文章类型：操作方法

目标受众：级别 10 = 公用

上次发布时间：2020 年 3 月 16 日（星期一），16:16:57 GMT

总结：

说明：

问题：
在使用外部 vCenter 进行节点扩展或部署期间，您可能在主机向 vCenter 注册时失败，出现以下错误消息：
[MARVIN] 2019-08-13T01:24:33.999+0000 INFO  [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.updateHostObject:244 - Updating host with moref: host-4933
[MARVIN] 2019-08-13T01:24:34.007+0000 INFO  [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.run:137 - Successfully registered host ServerName.Company.com
[MARVIN] 2019-08-13T01:24:34.007+0000 INFO  [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.run:120 - Starting registration process of host MarvinId {id=DE4001924xxxxx, totalSupportedNodes=1, position=1}
[MARVIN] 2019-08-13T01:24:34.024+0000 INFO  [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.i.HostVCRegistrationConfigurationTasklet c.v.m.v.b.t.i.HostVCRegistratio
nConfigurationTasklet.run:131 - Did not find ServerName.Company.com on VC; Registering...
[MARVIN] 2019-08-13T01:24:35.561+0000 ERROR [SimpleAsyncTaskExecutor-29] c.v.m.v.b.t.ConfigurationTasklet c.v.m.v.b.t.ConfigurationTasklet$1.onError:89 - Att
empt 1/1 failed
com.vmware.marvin.core.exception.ConfigurationException: Could not register: A general system error occurred: Unable to push CA certificates and CRLs to host
 ServerName.Company.com 

按照以下步骤解决 vCenter 与主机之间的这一信任问题：

1) 通过 ssh 连接到 VCSA，运行以下命令以检查 SSL 证书并记录它：
root@vcsa [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS

输出将如下所示：
Number of entries in store :    1
Alias : 61840acf55e38f18f78abd039ae5078fafbbf5d0
Entry type :    Trusted Cert
Certificate :   -----BEGIN CERTIFICATE-----
MIIEGTCCAwGgAwIBAgIJAM6Rjwr+jvTjMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
VQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ
FgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGTAXBgNV
BAoMEHBzYy52c3BleDIubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmlu
ZzAeFw0xOTAyMTkwMDI5MDdaFw0yOTAyMTYwMDI5MDdaMIGXMQswCQYDVQQDDAJD
QTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2Nh
bDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGTAXBgNVBAoMEHBz
Yy52c3BleDIubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2tkUubbaMqXwLG66GfsG7w2sn8
5E+IvhzAIL1UCIidnbkHfTKwWJjF3Pgn8RSyE/xOhpawUzt/zCt6XKrUeCXp2L7X
Aw4x4IadKPdERM9t/9f5qVWvMRj/UE4OF+sEOUXcS+tRJiw0Q1gqva8XOaCwRgcP
8R16sCNMMFj+3nY9jXhs62Os59qbO0rocdllI1AQKVfrljbmu1WC0BkyW78HMUUF
SlelNUBrfvQ9CA36XaAm/VXdBQ04eK+6XwEcMJKoHX/1yR8eHQPdnHIL7aS6C07a
23PDF/IDuDU0lLxPTae8swbl5zjObocwwMrNxNLNinIMlLTBEP1HwN4EB2MCAwEA
AaNmMGQwHQYDVR0OBBYEFLcshOTQpKh8NccOddgdqp4yJtiCMB8GA1UdEQQYMBaB
DmVtYWlsQGFjbWUuY29thwR/AGABMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQC6r8J0yuWidPKQkj/nsjI/dDh8
eXPFQ9gdsNBDfSVmbrHvsGCOXv/E+WqnzNsXa73wjpJSzHVGKcZTV01MVGmJr5gQ
0in5bVzm2f3hCE+POsOLbfhjWsCVMgOrldK1lN2Xr/oyx7OEJDV63nrJ/0Yw8YSZ
vfyAdjpbHx0+QWtu9kPrSgdImX21WnBalHdsK7j84KvGpcDsM8UiG9Cyrd4jYTke
7GP2du0MDAQ3WL9anUDL5OsyeqtvTUmnz38/3hrJNvM21ZZceJopelPi8FHGm9yA
Psnjin7UASM7wYd53sYs2k1WZ9tk/kwuUlcPCDhEHqUWuO7KOLnrKo6b4TB5
-----END CERTIFICATE-----

2) 通过 ssh 连接到与 vCenter 存在信任问题的 ESXi 节点。

3) 备份用于存储 SSL 证书的 castore.pem 文件：
cd /etc/vmware/ssl
cp castore.pem castore.pem.bk

4) 在 vi 中打开 castore.pem，并复制粘贴从步骤 1 获得的证书。

5) 重新 services.sh。

主要产品：

VxRail 一体机系列

产品：

VxRail 一体机系列