I've installed an ESXi evaluation and stumbled upon a bug. Reported it to @vmwarecares on Twitter and they've told me to report it here. This isn't a question, but merely a bug report to the development department. I couldn't submit this through the support page, as evaluations aren't listed (it requires selecting a product, but there are none for that reason).
Product: VMware ESXi
Version: 6.5.0 (Build 5224529) - Image profile: ESXi-6.5.0-4564106-standard (VMware, Inc.)
Category: BUG
Behaviour: When an invalid SSL certificate is uploaded through the vSphere web client, it's refused but applied nevertheless, crashing any and all of the management daemons.
Expected behaviour: When an invalid SSL certificate is uploaded through the vSphere web client, vSphere web client throws an error.
Steps to reproduce:
- Log in to the vSphere web client (https://{$IP}).
- Navigate to Host -> Manage -> Security & Users -> Certificates.
- Click 'Import new certificate'.
- Import any single PEM-encoded certificate.
- vSphere will throw an error, rejecting the certificate.
- Wait a few minutes.
- Refresh the web client (hard refresh!); it will refuse the connection.
- Log in to the SSH daemon; most management actions will be impossible (e.g., vim-cmd and esxcli will throw a refused connection error).
Steps to diagnose:
- The VPXA log (/var/log/vpxa.log) contains this line:
[Originator@6876 sub=Default] Failed to initialize the SSL context: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) --> Panic: Failed to initialize the SSL context.
Steps to fix:
- Execute: /sbin/generate-certificates
- Restart the management daemons: services.sh restart
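The "key values mismatch" condition in the log line above can be checked before a certificate is applied. The script below is an added example, not part of the original report and not VMware code: `cert_matches_key` is a hypothetical helper, and the certificate and private key paths are supplied by the caller because the report does not name them.

```shell
#!/bin/sh
# Added example (not VMware code): pre-flight check that a PEM certificate
# belongs to a given private key, i.e. the condition X509_check_private_key
# reported as "key values mismatch" in the log line above.
# cert_matches_key is a hypothetical helper; both paths are caller-supplied.
# Returns 0 = match, 1 = mismatch, 2 = a file could not be read or parsed.
cert_matches_key() {
    cert=$1
    key=$2

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read certificate or key file" >&2
        return 2
    fi

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a parseable PEM certificate: $cert" >&2
        return 2
    }

    # Public key derived from the private key. The empty -passin makes an
    # encrypted key fail here instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "not a parseable unencrypted private key: $key" >&2
        return 2
    }

    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: certificate and private key match"
        return 0
    fi
    echo "MISMATCH: certificate was not issued for this private key" >&2
    return 1
}

# Command-line use: sh check-cert.sh CERT.pem KEY.pem
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"
fi
```

A non-zero result means the certificate should not be installed alongside that key; only the first certificate in the PEM file is examined.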