PyKMIP icon indicating copy to clipboard operation
PyKMIP copied to clipboard
verified publisher icon OpenKMIP

esxi support - fix for folks in need

Open eyooooo opened this issue 1 year ago • 0 comments

hello im just posting this issue for folks who land here trying to setup pykmip with esxi and it "doesnt work" or you get com.vmware.vim.vmomi.core.exception.MarshallException: KeyProviderId required property id not set

in, at least, esxi 6.7, it seems the extended ssl properties are required. most random blogs will have you config the server with enable_tls_client_auth=False but this wont work out of the box.

when you setup your ssl cert, add the extended stuff like openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt -addext "extendedKeyUsage = serverAuth, clientAuth" and set the server config to True. esxi will work out of the box.

i saw in the pykmip log it was complaining about lack of extended ssl properties.

hope this helps home lab folks.

eyooooo avatar May 17 '24 21:05 eyooooo