Search the VMware Knowledge Base (KB)
View by Article ID

Unable to deploy VCH with custom certificates in VIC (2151050)

  • 0 Ratings

Symptoms

When trying to deploy a vSphere Integrated Container's Virtual Container host (VCH), you see the error: 

ERROR --------------------
ERROR vic-machine-windows create failed: tls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: [PKCS7]

Purpose

This article provides steps to install VCH using custom certificates.

Cause

This issue occurs because the PKCS#7 (Cryptographic Message Syntax) format is not a PEM/x509 encoded certificate. Currently, this is not a supported format. The vic-machine create command looks for PEM/DER/ASN.1 encoded single certificate.

Resolution

To resolve this issue, install the VCH using custom certificate which is in PKCS#7 Format.
 
  1. Convert the certificate to PEM/DER/ASN.1 (CERTIFICATE blocks instead of PKCS#7 blocks).

    openssl pkcs7 -print_certs -<name of cert> -outform <output name.pem>

    Example:

    Original Cert is similar to: 

    -----BEGIN PKCS7-----

    MIIWJAYJKoZIhvcNAQcCoIIWFTCCFhECAQExADALBgkqhkiG9w0BBwGgghX5MIIG
    MTCCBRmgAwIBAgIRAKtgRGNtoDIxrNiyUj2gR9UwDQYJKoZIhvcNAQELBQAwgZYx
    CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV
    <snip>

    Converted Cert is similar to: 

    subject=/C=**/postalCode=*****/ST=IN/L=*******/street=****/street=***
    issuer=/C=**/ST=*******/L=*******/O=COMODO CA Limited/CN=*****
    -----BEGIN CERTIFICATE-----
    MIIGMTCCBRmgAwIBAgIRAKtgRGNtoDIxrNiyUj2gR9UwDQYJKoZIhvcNAQELBQAw
    gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
    BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD
    <snip>

  2. After the content is converted, use the converted certificate and key using --cert and --key.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: