"Certificate for 'IP Address' doesn't match common name of the certificate subject" error when executing vSphere Replication workflows in Aria Orchestrator
search cancel

"Certificate for 'IP Address' doesn't match common name of the certificate subject" error when executing vSphere Replication workflows in Aria Orchestrator

book

Article ID: 314854

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • vSphere Replication workflows fail in Aria Orchestrator and the following SSL exception is present in theĀ /var/log/services-logs/prelude/vco-app/file-logs/vco-server-app.log file :
Caused by: javax.net.ssl.SSLException: Certificate for <vCenter or PSC IP Address> doesn't match common name of the certificate subject: <vCenter or PSC FQDN>
  • In the VRMS appliance interface https://VRMSFQDN:5480 under the Summary tab the vCenter server or platform service controller is specified using its ip address.


Environment

VMware vRealize Orchestrator 8.x

Cause

This issue occurs when the IP address of the vCenter or PSC has been specified in the configuration but the ip address is missing as a Subject Alternative Name(SAN) entry in the relevant certificate.


Resolution

To resolve the issue there are two options:

Option1

Note: This approach is less impactful as it will not require certificate replacement and trust repair amongst the various components.

1. Update the configuration of the vCenter and Platform Service Controller entries in the VRMS appliance management interface to leverage FQDN by selecting the Reconfigure option.
2. Execute the Aria Orchestrator "Reconnect a VC to VC pair" Workflow to update Aria Orchestrator with the new configuration.



Option2

Regenerate & replace the offending vCenter or Platform Service Controller certificate to include the IP address as part of its Subject Alternative Name(SAN) field.