Adding a vCenter, NSX-V and/or NSX-T endpoint fails to present the 'Trust certificate' popup and results in an error
search cancel

Adding a vCenter, NSX-V and/or NSX-T endpoint fails to present the 'Trust certificate' popup and results in an error

book

Article ID: 314760

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • When vRealize Automation has been configured with a proxy and the user attempts to add an endpoint with an untrusted certificate, an error is presented instead of presenting a choice to trust the certificate.
  • A similar stack trace can be observed in the logs:
c.vmware.admiral.host.ProvisioningHost.log:448 - Certificate with thumbprint <Thumbprint> not found
2019-12-23T04:34:30.023Z [priority='ERROR' thread='xn-index-queries-35' user='ACTXB' org='<UUID>' context='<UUID>' parent='<UUID>' token='<UUID>'] c.v.p.c.m.a.v.u.c.BasicConnection.log:448 - Failed to connect to vCenter: Your certificate may be untrusted. To trust the certificate validate your account credentials and accept the untrusted certificate.
Save your cloud account after validation succeeds. Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Exception [javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
          at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
          at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
          at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)


Environment

VMware vRealize Automation 8.x

Cause

This issue is due to limited support for using a proxy for the vSphere, NSX-V and NSX-T endpoints in vRealize Automation 8.0.1.

Resolution

This issue will be resolved with a code-fix in vRealize Automation 8.0.1 Patch 2 and vRealize Automation 8.1 GA.

Workaround:
  1. Copy the attached from this KB <link to .tgz archive> to each vRA node.
  2. Backup and archive all python modules:
    cd /opt/python/modules; tar -zcvf archive.tgz *
  3. Decompress the archive copied in step 1. from the root directory:
    cd /; tar -axvf path_to_archive.tgz
  4. Apply the old proxy settings using the new proxy configuration by running:
    vracli proxy apply
  5. Retry adding the vCenter endpoint.


Additional Information

Application of Patch 1 on any vRealize Automation 8.0.1 GA instance will overwrite this KB.  Please reapply this KB in this event.

Attachments

patch1 get_app