Deploying a template with customization fails with the error: Authenticity of the host's SSL certificate is not verified
book
Article ID: 313995
calendar_today
Updated On: 06-28-2025
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
When you are updating or regenerating the default certificates on the host using the vCenter Server Appliance, you experience these symptoms:
- You are unable to deploy a virtual machine template using the Customize option.
- Deploying the same template without selecting Customize is successful.
- In the /var/log/vmware/vpx/vpxd.log file, you see entries similar to:
<YYYY-MM-DD>T<time>Z [7FCCC90C6700 warning 'Default' opID=########-######57-e7-22] SSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed</time>
-->
<YYYY-MM-DD>T<time>Z [7FCCC90C6700 warning 'Default' opID=########-######57-e7-22] SSL: connect failed</time>
-->
<YYYY-MM-DD>T<time>Z [7FCCC90C6700 error 'provisioningvpxNfcClient' opID=########-######57-e7-22] [VpxNfcClient] Unable to connect to NFC server: The remote host certificate has these problems:</time>
-->
--> * unable to get local issuer certificate
<YYYY-MM-DD>T<time>Z [7FCCC90C6700 info 'Default' opID=########-######57-e7-22] [VmCustomizer] Successfully deleted file/directory /tmp/imcf-QdjBkH</time>
<YYYY-MM-DD>T<time>Z [7FCCC90C6700 error 'VmProv' opID=########-######57-e7-22] [Workflow] Get exception while executing action vpx.vmprov.CustomizeVm: vim.fault.SSLVerifyFault</time>
--> backtrace[00] rip 00007fccdcf31fa4 Vmacore::System::Stacktrace::CaptureWork(unsigned int)
--> backtrace[01] rip 00007fccdce1c0c2 Vmacore::System::SystemFactoryImpl::CreateQuickBacktrace(Vmacore::Ref<Vmacore::System::Backtrace>&)
--> backtrace[02] rip 00007fccdcd7d835 Vmacore::Throwable::Throwable(std::string const&)
--> backtrace[03] rip 00007fcce4023dc9 Vmomi::MethodFault::Exception::Exception(Vmomi::MethodFault*)
--> backtrace[04] rip 00007fcce4c0c0e5 /usr/lib/vmware-vpx/vpxd(+0x1abe0e5) [0x7fcce4c0c0e5]
--> backtrace[05] rip 00007fcce4248473 /usr/lib/vmware-vpx/vpxd(+0x10fa473) [0x7fcce4248473]
--> backtrace[06] rip 00007fcce42508d8 /usr/lib/vmware-vpx/vpxd(+0x11028d8) [0x7fcce42508d8]
--> backtrace[07] rip 00007fcce56f353a /usr/lib/vmware-vpx/vpxd(+0x25a553a) [0x7fcce56f353a]
--> backtrace[08] rip 00007fcce569d2b6 /usr/lib/vmware-vpx/vpxd(+0x254f2b6) [0x7fcce569d2b6]
--> backtrace[09] rip 00007fcce569d6a3 /usr/lib/vmware-vpx/vpxd(+0x254f6a3) [0x7fcce569d6a3]
--> backtrace[10] rip 00007fcce550f298 /usr/lib/vmware-vpx/vpxd(+0x23c1298) [0x7fcce550f298]
Cause
This issue occurs when a host's SSL thumbprint varies from the expected_ssl_thumbprint field within the VPX_HOST table of the vCenter Server database.
Feedback
thumb_up
Yes
thumb_down
No