[Bug 17296] VMware Infrastructure Client 2.5 could not validate server's SSL certificate

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=17296





--- Comment #50 from Frank G. <fgatwork at verizon.net>  2009-11-05 23:14:53 ---
Well - there is mostly good news, and a little bad news.

First, the bad news.  it's not _all_ the way there yet.

The good news, I am now able to accept or pass the certificate validation.  I
ended up putting in your latest patch for looking at Trusted (this is perhaps a
Mono container since certmgr is a Mono tool?).  I had applied the patch and
done another build and test without any good results until just dumb luck
pushed me to what seems to have worked.

What I DID do:
  - VMware stores the certificate and key in C:\Documents and Settings\All
Users\Application Data\VMware\VMWare Server\SSL\rui.[crt|key] on the server.
  - I moved both of those files to my Linux client.
  - run the following 2 commands:
    cat rui.crt > VMware-SelfSigned.pem
    cat rui.key >> VMware-SelfSigned.pem
  - As root, copy VMware-SelfSigned.pem to system local key store (on openSUSE,
it is /etc/ssl/certs, can't speak for any others)

After this, when starting the vpxClient.exe, I am presented with the same
certificate warning I received in Windows - untrusted SSL certificate - (I
danced a jig at this point).  At this point, I can view the certificate and
install it or choose to ignore the warning and continue.  When I continue, I am
getting a communications error. 

On a side note, I read on several forums that VMware uses pkcs12 rather than
rsa for their keys.  Perhaps there is a more reliable way to generate the .pem
than my method? (i.e. my concatenation might just be the cause of my second
problem).

I will plug on that one tomorrow.

Regards,
Frank

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.