Certificate chain length exceeds the maximum allowed length error in vRealize Orchestrator import certificate workflow


Article ID: 314754


Products

VMware Aria Suite

Issue/Introduction

Symptoms:

The Import certificate workflow fails in Orchestrator with a Java error similar to:

InternalError: java.lang.IllegalStateException: javax.net.ssl.SSLProtocolException: The certificate chain length (11) exceeds the maximum allowed length (10) (Workflow:Import a certificate from URL with certificate alias / Validate (item1)#5)

 


Environment

VMware vRealize Automation 8.x

Cause

The JVM properties that ship with vRO set a default maximum allowed certificate chain length of 10.

Resolution


To increase the certificate chain limit, perform the following steps:
 
1. Snapshot the Orchestrator appliances as a best-practice precaution.

2. Open an SSH session to the Orchestrator appliance.

3. In the Bash terminal, run the following command to change the maximum certificate chain length value:
   vracli vro properties set -k jdk.tls.maxCertificateChainLength -v 15
   (This sets the chain length limit to 15 certificates; set it higher if required.)

4. Wait a few minutes for the Orchestrator pod to be up and running.
   (You can monitor the current state of the Orchestrator pod with: kubectl -n prelude get pods -w)
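
Before picking a value in step 3, it helps to know how many certificates the target URL actually presents, so the limit is sized to the real chain. The script below is an added example, not part of the original article or of VMware tooling. It assumes openssl is available on the machine running the check; the function names and HOST are hypothetical, and the sample chain is constructed.

```shell
#!/usr/bin/env bash
# Added example: count the certificates a TLS endpoint presents and compare
# the count with a chain-length limit (10 is the default the article cites).

# Read `openssl s_client -showcerts` output on stdin; print "total unique".
count_certs() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { inb = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { inb = 0; total++
                                    if (!(body in seen)) { seen[body] = 1; uniq++ }
                                    next }
    inb                           { body = body $0 }
    END                           { printf "%d %d\n", total, uniq }'
}

# chain_report LIMIT: classify the chain on stdin against LIMIT.
chain_report() {
  limit=$1
  set -- $(count_certs)
  total=$1; uniq=$2
  if [ "$total" -le "$limit" ]; then verdict="within-limit"
  elif [ "$uniq" -lt "$total" ]; then verdict="exceeds-limit-duplicates-sent"
  else verdict="exceeds-limit"
  fi
  echo "total=$total unique=$uniq limit=$limit verdict=$verdict"
}

# Constructed sample: N fake PEM blocks (placeholder bodies, not real certificates).
sample_chain() {
  i=1
  while [ "$i" -le "$1" ]; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "CONSTRUCTED-BODY-$i" \
                  '-----END CERTIFICATE-----'
    i=$((i + 1))
  done
}

# Demo on the constructed 11-certificate chain from the error message.
sample_chain 11 | chain_report 10

# Live use (HOST is a placeholder for the URL the workflow imports from):
#   openssl s_client -connect HOST:443 -showcerts </dev/null 2>/dev/null | chain_report 10
```

A verdict of exceeds-limit-duplicates-sent means the server is sending the same certificate more than once, which is better corrected on the server than accommodated by raising the limit.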