[INFO] Changing the default SSL password during the vCenter Server certificate renewal

Here is another situation I faced two weeks ago while upgrading two Windows vCenter Server 5.5 instances, including vSphere Replication Appliances, to the latest vCenter Server Appliance 6.5U1.

As the upgrade process is fairly well known by now, I was sure I would need to reset the administrator@vsphere.local password due to the expiration settings.

But I also needed to renew the SSL certificates prior to the migration process, which shouldn’t be a problem after all. The VMware Knowledgebase is great for reviewing all the needed steps. But one line made me stop, because in this project I needed to change this:

The password of testpassword should not be changed.

Source: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2096030

Due to security reasons I needed to change every password which is tagged as “default”.

Creating and implementing the new certificates was quite easy, but after all settings were done the vCenter Server did not start.

I won’t go deeper into my analysis but will focus on the reason. I chatted with a colleague and also searched for an answer online with no luck, so I thought it could be useful for somebody else to know how to solve it in this situation.

Apparently the internal Tomcat server service uses the default password as described in the article above. If you need to change the default password for any reason, you also need to update “catalina.properties” for the Tomcat server service to match.

SSL certificate password — bio-vmssl.SSL.password=testpassword

Source: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-ABF63FAB-711C-4C8D-87D7-E6FB73B98425.html

After that the web services will start up and the Windows vCenter Server is available again for the migration process.
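
The mismatch described above can be caught before the services are restarted by checking that the password configured in catalina.properties actually opens the certificate keystore. The following PowerShell is an added example, not code from the original post or from VMware; the function names, the certificate subject and the sample password are constructed, and it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2+ or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: read bio-vmssl.SSL.password from catalina.properties lines.
function Get-TomcatSslPassword {
    param([string[]]$PropertiesLines)
    $value = $null
    foreach ($line in $PropertiesLines) {
        $t = $line.TrimStart()                        # trailing spaces belong to the value
        if ($t -eq '' -or $t -match '^[#!]') { continue }   # blank line or comment
        if ($t -cmatch '^bio-vmssl\.SSL\.password\s*[=:]\s*(.*)$') { $value = $Matches[1] }
    }
    return $value                                     # last assignment wins, as in Java
}

# Hypothetical helper: $true only if the PKCS#12 keystore opens with this password.
function Test-PfxPassword {
    param([byte[]]$PfxBytes, [string]$Password)
    try {
        $cert = [X509Certificate2]::new($PfxBytes, $Password)
        $cert.Dispose()
        return $true
    } catch [CryptographicException] {
        return $false                                 # wrong password or unreadable keystore
    }
}

# Constructed sample data: a throwaway self-signed certificate exported as a PFX
# with a changed (non-default) password, plus two catalina.properties excerpts.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=vcenter.example.test', $rsa,
           [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::Now
$pfx = $req.CreateSelfSigned($now, $now.AddDays(1)).Export([X509ContentType]::Pfx, 'Constructed-New-Pw1')

$cases = [ordered]@{
    'stale (still default)' = @('# SSL connector', 'bio-vmssl.SSL.password=testpassword')
    'updated to match'      = @('bio-vmssl.SSL.password=Constructed-New-Pw1')
}
foreach ($name in $cases.Keys) {
    $pw = Get-TomcatSslPassword $cases[$name]
    $ok = Test-PfxPassword -PfxBytes $pfx -Password $pw
    # Report only the result, never the password itself.
    '{0}: keystore opens with configured password = {1}' -f $name, $ok
}
```

Against a real installation, pass the output of `Get-Content` for catalina.properties and `[IO.File]::ReadAllBytes` for the keystore file to the same two functions before restarting the services.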