Deploying a template with customization fails with the error: Authenticity of the host's SSL certificate is not verified
search cancel

Deploying a template with customization fails with the error: Authenticity of the host's SSL certificate is not verified

book

Article ID: 313995

calendar_today

Updated On: 06-28-2025

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

When you are updating or regenerating the default certificates on the host using the vCenter Server Appliance, you experience these symptoms:

  • You are unable to deploy a virtual machine template using the Customize option.
  • Deploying the same template without selecting Customize is successful.
  • In the /var/log/vmware/vpx/vpxd.log file, you see entries similar to:

    <YYYY-MM-DD>T<time>Z [7FCCC90C6700 warning 'Default' opID=########-######57-e7-22] SSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed</time>
    -->
    <YYYY-MM-DD>T<time>Z [7FCCC90C6700 warning 'Default' opID=########-######57-e7-22] SSL: connect failed</time>
    -->
    <YYYY-MM-DD>T<time>Z [7FCCC90C6700 error 'provisioningvpxNfcClient' opID=########-######57-e7-22] [VpxNfcClient] Unable to connect to NFC server: The remote host certificate has these problems:</time>
    -->
    --> * unable to get local issuer certificate
    <YYYY-MM-DD>T<time>Z [7FCCC90C6700 info 'Default' opID=########-######57-e7-22] [VmCustomizer] Successfully deleted file/directory /tmp/imcf-QdjBkH</time>
    <YYYY-MM-DD>T<time>Z [7FCCC90C6700 error 'VmProv' opID=########-######57-e7-22] [Workflow] Get exception while executing action vpx.vmprov.CustomizeVm: vim.fault.SSLVerifyFault</time>
    --> backtrace[00] rip 00007fccdcf31fa4 Vmacore::System::Stacktrace::CaptureWork(unsigned int)
    --> backtrace[01] rip 00007fccdce1c0c2 Vmacore::System::SystemFactoryImpl::CreateQuickBacktrace(Vmacore::Ref<Vmacore::System::Backtrace>&)
    --> backtrace[02] rip 00007fccdcd7d835 Vmacore::Throwable::Throwable(std::string const&)
    --> backtrace[03] rip 00007fcce4023dc9 Vmomi::MethodFault::Exception::Exception(Vmomi::MethodFault*)
    --> backtrace[04] rip 00007fcce4c0c0e5 /usr/lib/vmware-vpx/vpxd(+0x1abe0e5) [0x7fcce4c0c0e5]
    --> backtrace[05] rip 00007fcce4248473 /usr/lib/vmware-vpx/vpxd(+0x10fa473) [0x7fcce4248473]
    --> backtrace[06] rip 00007fcce42508d8 /usr/lib/vmware-vpx/vpxd(+0x11028d8) [0x7fcce42508d8]
    --> backtrace[07] rip 00007fcce56f353a /usr/lib/vmware-vpx/vpxd(+0x25a553a) [0x7fcce56f353a]
    --> backtrace[08] rip 00007fcce569d2b6 /usr/lib/vmware-vpx/vpxd(+0x254f2b6) [0x7fcce569d2b6]
    --> backtrace[09] rip 00007fcce569d6a3 /usr/lib/vmware-vpx/vpxd(+0x254f6a3) [0x7fcce569d6a3]
    --> backtrace[10] rip 00007fcce550f298 /usr/lib/vmware-vpx/vpxd(+0x23c1298) [0x7fcce550f298]



Cause

This issue occurs when a host's SSL thumbprint varies from the expected_ssl_thumbprint field within the VPX_HOST table of the vCenter Server database.

Resolution

Please contact Broadcom Support for assistance with working around this issue.

Additional Information