• Cannot add a ldaps:// identity source
• Adding a ldaps:// identity source fails after you select a certificate file using the Choose Certificate option
• The Add certificate operation fails for the entity
• You see the error:
  
  invalid DER-encoded certificate data
  
  
• In the vcregtool.log file, you see entries similar to:
  
  main ERROR com.vmware.vim.dataservices.vcregtool.RegisterVC] Cannot load VC certificate
  java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
  at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1701)
  at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:303)
  at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
  at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
  at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcCertificate(RegisterVC.java:436)
  at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcProviderInfo(RegisterVC.java:299)
  at com.vmware.vim.dataservices.vcregtool.RegisterVC.register(RegisterVC.java:203)
  at com.vmware.vim.dataservices.vcregtool.RegisterVC.doRegistration(RegisterVC.java:1253)
  at com.vmware.vim.dataservices.vcregtool.RegisterVC.main(RegisterVC.java:1332)

To resolve this issue:

1. Open the certificate file and remove any content before the -----BEGIN CERTIFICATE----- line.
   
2. Save and close the certificate file.
   
3. Retry adding a ldaps:// identity source.

• Configuring a vCenter Single Sign-On 5.1 Identity Source using LDAP with SSL (LDAPS) (2041378)
• Generating Domain Root CA signed certificates for vCenter Server (1023688)
• Generating custom or default SSL certificates (1029944)