• VT2 fails during host migration with an SSLHandshakeException
• Hosts are configured with a chained certificate
• Migration Coordinator logs show the following 

/var/log/migration-coordinator/migration-coordinator.log

2023-04-20T12:04:50.132Z INFO http-nio-127.0.0.1-7450-exec-3 MigrationFacadeImpl 310182 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="migration-coordinator"] Unit: <uuid>:host-<id>, status: FAILED, % complete: 0.0, errors: Unexpected error while upgrading upgrade unit: Install of offline bundle failed on host <uuid>:host-<id> with error : VI SDK invoke exception:javax.net.ssl.SSLHandshakeException:

VMware NSX-T Data Center 3.2.x

VMware NSX 4.x

Currently, we convert the host certificate to a thumbprint and use that thumbprint for the V2T migration workflow. The certificate to thumbprint conversion logic fails for chained certificates which causes the host migration to fail.

This issue is resolved in 3.2.4 and 4.1.2

Workaround:

Replace the ESXi chained certificate with a single certificate. This can be signed or self-signed. The chained certificate can be applied to the host again after the V2T is complete.