
regenerate client automatically generated certificate

Open mohammadrezalk opened this issue 6 years ago • 2 comments

Hi, VCHs have been created with auto-generated client certificates in our environment. Now I'm using the vic-machine configure command to regenerate the certificates without using custom CAs. The process completed successfully and the new client certificates work fine, but I'm getting some warnings during this process and need to know the reason to prevent future issues.

level=warning msg="Unable to load system root certificates - continuing with only the provided CA"
level=warning msg="Expected TLS error without access to client certificate, received error: tls: bad certificate"
level=info msg="Completed successfully"
Failed to write to log, write vic-machine.log: The handle is invalid.

mohammadrezalk, Apr 10 '19 12:04

For the first warning, see line https://github.com/vmware/vic/blob/0d51b7ecd420916c0ede5cd2b475298eccd4894a/lib/install/management/appliance.go#L937: it will try to load the system root CAs first. For the second warning, see line https://github.com/vmware/vic/blob/0d51b7ecd420916c0ede5cd2b475298eccd4894a/lib/install/management/appliance.go#L983: the code will check whether your VCH's certificate CN name or SANs match the VCH IP. If not, the warning is triggered.

wjun, Apr 11 '19 01:04
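The two checks described in the comment above, as an added Go example that is not taken from the vic code base: the root pool falls back to only the provided CA when the system roots cannot be loaded, and the server certificate is then verified against the address being connected to. The names `issue` and `checkVCH`, the certificate subjects and the 192.0.2.x addresses are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue creates a constructed test certificate; a nil parent yields a self-signed CA.
func issue(serial int64, cn string, ips []net.IP, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IPAddresses: ips,
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		t.KeyUsage |= x509.KeyUsageCertSign
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, err := x509.ParseCertificate(der) // a failed CreateCertificate surfaces here
	if err != nil {
		panic(err)
	}
	return cert, key
}

// checkVCH verifies a certificate whose IP SAN is sanIP against the address connectIP.
func checkVCH(sanIP, connectIP string) error {
	ca, caKey := issue(1, "constructed CA", nil, nil, nil)
	leaf, _ := issue(2, "constructed VCH", []net.IP{net.ParseIP(sanIP)}, ca, caKey)
	// First warning: continue with only the provided CA when system roots cannot be loaded.
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool()
	}
	pool.AddCert(ca)
	// Name check: current Go consults only the SANs here, never the CN.
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: connectIP})
	return err
}

func main() {
	fmt.Println("SAN matches address:", checkVCH("192.0.2.10", "192.0.2.10"))
	fmt.Println("SAN does not match: ", checkVCH("192.0.2.10", "192.0.2.11"))
}
```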

Many thanks for the comment. What about these logs?

1-Failed to write to log, write vic-machine.log: The handle is invalid.

2-level=error msg="vic/pkg/trace.(*Operation).Err : vic-machine-windows error: context canceled\nvic/cmd/vic-machine/configure.(*C onfigure).Run:355 vic-machine-windows\nvic/cmd/vic-machine/common.NewOperation:2 7 vic-machine-windows"

Thanks in advance

mohammadrezalk, Apr 13 '19 06:04