This repository has been archived by the owner on Jun 28, 2023. It is now read-only.
I propose adding a section with an example on the docs page:
Here we can show how to use govc to retrieve the SHA1 thumbprint of the vCenter (see location).
Today we require the admin to log into the vCenter appliance with an administrative user (like root) which is in many aspects bad.
Using govc it is really a single command to take care of this.
Location
I suggest adding this to the page Reference for vSphere account, somewhere below the section Obtain vSphere Certificate Thumbprints.
The Code
# This assumes you have set up your GOVC environment per https://github.com/vmware/govmomi/tree/master/govc
# This works on any OS. The last line contains the SHA1 thumbprint
govc about.cert
# On macOS/Linux you can directly extract the SHA1 thumbprint with jq
govc about.cert -k -json | jq -r .ThumbprintSHA1
Additional Context
If your vSphere environment uses untrusted, self-signed certificates to authenticate connections, you must verify the thumbprint of the vCenter Server when you deploy a management cluster. If your vSphere environment uses trusted certificates that are signed by a known Certificate Authority (CA), you do not need to verify the thumbprint.
Example output from govc:
❯ govc about.cert
Certificate Status: good
Issued To:
Common Name (CN): cube-vcsa-01.lab.why-did-it.fail
Organization (O): <Not Part Of Certificate>
Organizational Unit (OU): <Not Part Of Certificate>
Issued By:
Common Name (CN): Why did IT fail - LAB CA Root CA
Organization (O): Why did IT fail - LAB CA
Organizational Unit (OU): <Not Part Of Certificate>
Validity Period:
Issued On: 2022-06-08 09:34:58 +0000 UTC
Expires On: 2024-06-07 09:34:53 +0000 UTC
Thumbprints:
SHA-256 Thumbprint: DD:FE:F4:D6:5E:68:BE:8C:66:81:CB:C6:74:9B:2E:EB:E1:A3:32:6D:D5:00:E5:1C:82:8B:92:5D:56:17:7C:2E
SHA-1 Thumbprint: 28:7A:DC:16:55:D7:DF:BF:08:63:99:FE:91:2A:76:F1:40:C7:DE:FF
To verify, this is the output from OpenSSL on my vCenter:
❯ ssh root@cube-vcsa-01
VMware vCenter Server 7.0.3.00600
Type: vCenter Server with an embedded Platform Services Controller
root@cube-vcsa-01 [ ~ ]# openssl x509 -in /etc/vmware-vpx/ssl/rui.crt -fingerprint -sha1 -noout
SHA1 Fingerprint=28:7A:DC:16:55:D7:DF:BF:08:63:99:FE:91:2A:76:F1:40:C7:DE:FF
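An added example, not part of the original issue or the project's docs: because `-k` makes govc skip TLS certificate verification, the thumbprint it returns should be compared against a reference obtained over a separate channel, which is what the issue does by hand with OpenSSL. The function and script names are hypothetical; the check accepts the govc and openssl output formats shown above.

```shell
#!/bin/sh
# Added example (not from the issue): compare the SHA-1 thumbprint reported by
# govc with a reference value obtained through a second, trusted channel.
# Function names are hypothetical.

# normalize_thumbprint VALUE
# Accepts a bare value, a govc text line ("SHA-1 Thumbprint: AA:BB:...") or an
# openssl line ("SHA1 Fingerprint=AA:BB:..."). Prints 40 upper-case hex digits;
# returns 1 for anything that is not a SHA-1 thumbprint (e.g. a SHA-256 one).
normalize_thumbprint() {
    hex=$(printf '%s' "$1" \
        | sed -E 's/^[[:space:]]*SHA-?1 (Thumbprint|Fingerprint)[[:space:]]*[:=][[:space:]]*//' \
        | tr -d ' :\t\r\n' | tr 'a-f' 'A-F')
    printf '%s\n' "$hex" | grep -Eq '^[0-9A-F]{40}$' || return 1
    printf '%s\n' "$hex"
}

# thumbprints_match CANDIDATE REFERENCE
# Returns 0 on match, 1 on mismatch, 2 if either input is malformed.
thumbprints_match() {
    cand=$(normalize_thumbprint "$1") || return 2
    ref=$(normalize_thumbprint "$2") || return 2
    [ "$cand" = "$ref" ]
}

# Stand-alone use:
#   ./check-thumbprint.sh "$(govc about.cert -k -json | jq -r .ThumbprintSHA1)" "<reference>"
if [ "$#" -eq 2 ]; then
    if thumbprints_match "$1" "$2"; then
        echo "thumbprint matches reference"
    else
        echo "thumbprint does NOT match reference (or is malformed)" >&2
        exit 1
    fi
fi
```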
dominikzorgnotti changed the title from "Add GOVC example to retrieve SHA1 thumbprint for vCenter" to "[Docs](docs/site/content/docs/edge/ref-vsphere.md) Add GOVC example to retrieve SHA1 thumbprint for vCenter" on Jul 1, 2022
dominikzorgnotti added a commit to dominikzorgnotti/community-edition that referenced this issue on Jul 3, 2022
To provide the required CLI examples from #4950, #4951 and #4840
we need to restructure the permission section.
Each creation step for RBAC (role, user, permissions) is now a section.
Each section shows one of three options: UI, govc, PowerCLI
Signed-off-by: Dominik Zorgnotti <dzorgnotti@vmware.com>