VSC 6.0 SSL Cert replacement

FULLSTEAM
Not sure where to file a case on this.

There are no clear instructions on how to replace the self-signed SSL certificates in VSC, with CA-signed ones.  I'm using VSC for vSphere 6.2P1, with a Linux-based VCSA and ESXi versions 6.0U2.  Also, cDOT NAS datastores, running 8.2.4P2.

The VSC manual, https://library.netapp.com/ecm/ecm_get_file/ECMLP2371569 , page 49, says that the certificate must be signed with SHA1.
With SHA1 being deprecated, this is a bug that VSC should be addressing SOON.

If you use https://kb.netapp.com/support/index?page=content&id=1013807, from the 4.x era, it describes a process which somewhat works.  At least, I am able to follow it and add certs and get VSC to boot again.  However, it doesn't mention the SHA1 limitation, because of its age.

There's also https://kb.netapp.com/support/index?page=content&id=1014445, which does not mention age of software.  It follows a vastly different process.  This seems unnecessary at best, but confusing.

Having installed the CA certificate, VSC SEEMS to work, SHA1 and all.  However, it's a lurking problem.
VSC can send mail about issues.  Those emails end in a note that says:
  You can view the log entries at https://[fe80:0:0:0:0:5efe:a16:879%net3]:8043/smvi/logViewer?id=backup_All-VMs_20160519212800.

1) I'm not sure why, but it's giving an IPv6 address.  Is there a place to change this?  I have to manually rewrite it to a hostname based on my own knowledge of the Windows box's name.
2) The SSL cert on port 8043 is NOT the replaced one, it's a self-signed one.  Even if VSC is willing to accept talking over insecure connections from plugin to software, web browsers aren't happy with them.


So, summarizing:
1) VSC uses SHA1 certs.  This is a bug.
2) VSC has no clear documentation of how to replace SSL certs for port 8143 with CA-signed ones in the 6.x world; the 4.x instructions APPEAR to work, but this is a guess.
3) VSC has no documentation of how to replace SSL certs for port 8043 with CA-signed ones in the 6.x world.
4) SMVI mails have an IPv6 hostname, but no clear way to change it.

Anyone run into this?
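
One way to check which certificate each listener (8143 and 8043 in the post) actually presents, and whether it is SHA1-signed or has issuer equal to subject. This is an added example, not part of the original post and not NetApp code; the function names and the `constructed_sample` helper are assumptions made for the illustration, and "issuer equals subject" is used here as the indicator of a self-signed certificate.

```python
import ssl, sys

SHA1_SIG_OIDS = {bytes.fromhex("2a864886f70d010105"),   # sha1WithRSAEncryption
                 bytes.fromhex("2a8648ce3d0401")}        # ecdsa-with-SHA1

def _children(buf):
    """Split DER content into (tag, value, raw_tlv) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        start, tag, length = pos, buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        out.append((tag, buf[pos:pos + length], buf[start:pos + length]))
        pos += length
    return out

def inspect_der(der):
    """Report whether a certificate is SHA-1 signed and whether issuer == subject."""
    tbs, sig_alg, _sig = _children(_children(der)[0][1])
    fields = [f for f in _children(tbs[1]) if f[0] != 0xA0]  # drop optional [0] version
    # remaining order: serial, signature alg, issuer, validity, subject, ...
    return {"sha1_signed": _children(sig_alg[1])[0][1] in SHA1_SIG_OIDS,
            "self_issued": fields[2][2] == fields[4][2]}

def inspect_port(host, port):
    """Fetch the certificate a listener presents (no chain validation)."""
    pem = ssl.get_server_certificate((host, port))
    return inspect_der(ssl.PEM_cert_to_DER_cert(pem))

def _tlv(tag, body):                           # short-form lengths only
    return bytes([tag, len(body)]) + body

def constructed_sample(sig_oid_hex, issuer_cn, subject_cn):
    """Certificate-shaped DER built for this example; not a real certificate."""
    name = lambda cn: _tlv(0x30, _tlv(0x31, _tlv(0x30,
        _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, cn.encode()))))
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(sig_oid_hex)) + _tlv(0x05, b""))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + alg
               + name(issuer_cn) + _tlv(0x30, _tlv(0x17, b"160101000000Z") * 2)
               + name(subject_cn))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00\x01"))

if __name__ == "__main__":   # usage: script.py <host> 8043 8143
    for p in sys.argv[2:]:
        print(p, inspect_port(sys.argv[1], int(p)))
    if len(sys.argv) < 3:    # no target given: run on the constructed sample
        print(inspect_der(constructed_sample("2a864886f70d010105", "vsc", "vsc")))
```

Run against the VSC host with both port numbers, a replaced certificate should show `self_issued: False` on every listener; any port still reporting `True` is serving a certificate the replacement procedure did not touch.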