Upgrading to vCenter Server 5.1 fails with the error: Certificate already expired

Article ID: 305843


Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Installing vCenter Single Sign On fails
  • Cannot upgrade to vCenter Server 5.1
  • vCenter Server 5.1 Installer fails
  • Upgrading vCenter Server 5.1 fails while installing the Inventory service
  • vCenter Server installer reports the error:

    Error 29113. Wrong input - either a command line argument is wrong, a file cannot be found or the spec file doesn't contain the required information, or the clocks on the two systems are not synchronized. Check vm_ssoreg.log in system temporary folder for details.
     
  • In the vm_ssoreg.log file, located in the %TEMP% directory, you see the error:

    java.lang.IllegalArgumentException: Invalid solution certificate. Certificate already expired.


Environment

VMware vCenter Server 5.1.x

Cause

This issue occurs if the vCenter Server certificate has expired.

To verify whether the certificate has expired, check the certificate file specified in the vcsso.properties file.

Note: The vcsso.properties file is located at C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\.

Resolution

This issue is resolved in VMware vCenter Server 5.1.0a, available at VMware Downloads. For more information, see the VMware vCenter Server 5.1.0a Release Notes.

If you are unable to upgrade, regenerate the expired certificates and then upgrade to vCenter Server 5.1.
 
To regenerate the expired certificates and upgrade to vCenter Server 5.1:

Note: If the upgrade previously succeeded but the VirtualCenter Server service now fails to start, see vCenter Server Services hang on startup after upgrading to vCenter Server 5.1 (2035623) to recover from this situation.
  1. Open the vcsso.properties file using a text editor.
  2. Find the location of rui.crt certificate file, which is specified under the [solutionUsers] section of the vcsso.properties file.

    Note: In some cases, the vcsso.properties file may have been removed after a failed installation. If the vcsso.properties file is removed, the default location of the rui.crt file is C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\.
     
  3. After determining the location of the rui.crt file, run this command to see the expiration date and the encryption bit length used:

    $ openssl x509 -in rui.crt -noout -text

    Note: For an expired certificate, you see output similar to:

    ..
    Validity
    Not Before: Jul 28 11:03:38 2008 GMT
    Not After : Jul 28 11:03:38 2010 GMT
    ..

     
  4. If the certificate has expired, update the certificates before upgrading to vCenter Server 5.1. To update certificates on vSphere 5.0 and vSphere 4.1, see the steps outlined in Installing the intermediate certificate chain for vCenter Server 5.0 (2030422).
  5. Once the new certificates are regenerated, retry the vCenter Server 5.1 upgrade.
  6. After the upgrade completes, reconnect all hosts.
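
The expiry check in step 3 can be scripted so it runs before an upgrade window instead of after the installer fails. The following is an added example, not part of the original article or VMware's tooling: it parses the text that the openssl command above prints. The sample output, the function names and the 30-day warning margin are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the Validity lines from step 3 plus a key-size line as
# printed by `openssl x509 -noout -text` (newer builds print "Public-Key:").
SAMPLE_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Jul 28 11:03:38 2008 GMT
            Not After : Jul 28 11:03:38 2010 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
"""

DATE_RE = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s+GMT")
BITS_RE = re.compile(r"Public[- ]Key: \((\d+) bit\)")


def parse_x509_text(text):
    """Return (not_before, not_after, key_bits) from the openssl text dump."""
    dates = {}
    for kind, value in DATE_RE.findall(text):
        # openssl pads single-digit days with a space; strptime accepts that.
        parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y")
        dates[kind] = parsed.replace(tzinfo=timezone.utc)
    if set(dates) != {"Before", "After"}:
        raise ValueError("no complete Validity block in input")
    bits = BITS_RE.search(text)
    return dates["Before"], dates["After"], int(bits.group(1)) if bits else None


def upgrade_check(text, now=None, warn_days=30):
    """Classify the certificate; warn_days is an assumed safety margin."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after, _bits = parse_x509_text(text)
    if now < not_before:
        return "not-yet-valid"
    if now >= not_after:
        return "expired"  # the state behind "Certificate already expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring-soon"
    return "ok"


if __name__ == "__main__":
    before, after, bits = parse_x509_text(SAMPLE_TEXT)
    print(f"valid {before:%Y-%m-%d} to {after:%Y-%m-%d}, key size {bits} bit")
    print("status:", upgrade_check(SAMPLE_TEXT))
```

To check a real certificate, pass the captured output of the step 3 command to `upgrade_check` in place of `SAMPLE_TEXT`.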


Additional Information

Installing the intermediate certificate chain for vCenter Server 4.1 and 5.0
Troubleshooting VMware Single Sign-On configuration and installation issues in a Windows server
vCenter Server Services hang on startup after upgrading to vCenter Server 5.1