vCenter Operations: ExpiredCertificateException
While at the vCenter credentials portion of a vCenter Operations deployment onto the environment I inherited, it yielded the following error which was relatively self-explanatory but had no results on Google: com.integrien.alive.common.security.ExpiredCertificateException
It turns out that the SSL certificate for vCenter had expired. The expiration had not affected anything else, but it appears vCops takes it very seriously. I had not run into the vCenter SSL certificate expiring before, and that would be because vCenter 4.x and later generate SSL certificates that last for 10 years; however, vCenter 2.5 generated SSL certificates that are only valid for 2 years.
The process to regenerate the SSL certificate for vCenter is described in KB 1009092: Regenerating expired SSL certificates after 2 years. Essentially, it involves taking the rui.key and rui.pfx from C:\ProgramData\VMware\VirtualCenter\SSL and using OpenSSL to generate a new self-signed certificate. In my case, I scp’d the files to a Linux server and used OpenSSL on it instead of trying to use OpenSSL on Windows.
The commands used were:
- openssl req -new -x509 -days 3650 -sha1 -nodes -key rui.key -out rui.crt -subj "/C=US/ST=NC/L=CHARLOTTE/CN=FQDN.OF.VCENTER.COM"
- openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
The ‘testpassword’ is the default password used by VMware. After generating on the Linux server, I scp’d them back over to the Windows host, backed up the current keys, stopped vCenter, copied the new keys in, and started vCenter back up. Voilà, new SSL cert installed and vCenter Operations install was able to proceed.
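A check that can be run on the Linux host after the two commands above and before the files are copied back, as an added example that is not part of the original post or of the VMware KB: it confirms that rui.crt is not close to expiry, that it belongs to rui.key, and that rui.pfx wraps that same certificate. The function names are made up for this example; the file names and the testpassword passphrase are the ones from the post.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: checks on a regenerated
# rui.key / rui.crt / rui.pfx set before it is copied back to vCenter.

# Succeeds if CERT is still valid DAYS days from now (default 30).
cert_valid_for_days() {
  local cert="$1" days="${2:-30}"
  openssl x509 -in "$cert" -noout -checkend $(( days * 86400 )) >/dev/null
}

# Succeeds if the public key in CERT is the one derived from KEY.
key_matches_cert() {
  local key="$1" cert="$2" from_key from_cert
  from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeeds if the certificate stored in PFX has the same SHA-256 fingerprint as CERT.
pfx_contains_cert() {
  local pfx="$1" pass="$2" cert="$3" in_pfx on_disk
  in_pfx=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null |
           openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
  on_disk=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null) || return 1
  [ -n "$in_pfx" ] && [ "$in_pfx" = "$on_disk" ]
}

# Runs all three checks on the files in DIR; returns non-zero if any check fails.
check_rui_set() {
  local dir="$1" pass="$2" rc=0
  cert_valid_for_days "$dir/rui.crt" 30 && echo "OK   expiry" || { echo "FAIL expiry"; rc=1; }
  key_matches_cert "$dir/rui.key" "$dir/rui.crt" && echo "OK   key" || { echo "FAIL key"; rc=1; }
  pfx_contains_cert "$dir/rui.pfx" "$pass" "$dir/rui.crt" && echo "OK   pfx" || { echo "FAIL pfx"; rc=1; }
  openssl x509 -in "$dir/rui.crt" -noout -subject -enddate   # show what will be installed
  return $rc
}

# When run as a script: ./check_rui.sh <directory> <pfx password>
if [ "$#" -eq 2 ]; then check_rui_set "$1" "$2"; fi
```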
This entry was posted by eeg3 on July 23, 2012 at 3:29 pm, and is filed under Virtualization.


