Adding a vCenter, NSX-V and/or NSX-T endpoint fails to present the 'Trust certificate' popup and results in an error
book
Article ID: 314760
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
When vRealize Automation has been configured with a proxy and the user attempts to add an endpoint with an untrusted certificate, an error is presented instead of presenting a choice to trust the certificate.
A similar stack trace can be observed in the logs:
c.vmware.admiral.host.ProvisioningHost.log:448 - Certificate with thumbprint <Thumbprint> not found 2019-12-23T04:34:30.023Z [priority='ERROR' thread='xn-index-queries-35' user='ACTXB' org='<UUID>' context='<UUID>' parent='<UUID>' token='<UUID>'] c.v.p.c.m.a.v.u.c.BasicConnection.log:448 - Failed to connect to vCenter: Your certificate may be untrusted. To trust the certificate validate your account credentials and accept the untrusted certificate. Save your cloud account after validation succeeds. Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Exception [javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
Environment
VMware vRealize Automation 8.x
Cause
This issue is due to limited support for using a proxy for the vSphere, NSX-V and NSX-T endpoints in vRealize Automation 8.0.1.
Resolution
This issue will be resolved with a code-fix in vRealize Automation 8.0.1 Patch 2 and vRealize Automation 8.1 GA.
Workaround:
Copy the attached from this KB <link to .tgz archive> to each vRA node.
Backup and archive all python modules: cd /opt/python/modules; tar -zcvf archive.tgz *
Decompress the archive copied in step 1. from the root directory: cd /; tar -axvfpath_to_archive.tgz
Apply the old proxy settings using the new proxy configuration by running: vracli proxy apply
Retry adding the vCenter endpoint.
Additional Information
Application of Patch 1 on any vRealize Automation 8.0.1 GA instance will overwrite this KB. Please reapply this KB in this event.