Error: "Could not find SSL/X509 certificate from..." When pairing sites
search cancel

Error: "Could not find SSL/X509 certificate from..." When pairing sites

book

Article ID: 314960

calendar_today

Updated On:

Products

VMware Cloud Director VMware Live Recovery

Issue/Introduction

  • When pairing sites in VMware Cloud Director Availability (VCDA), you see the following error in UI:
Could not find SSL/X509 certificate from "https://FQDNpairing_address:443"
  • In /opt/vmware/h4/replicator/log/replicator.log on the on-premises VCDA appliance when pairing an on-premises site to a cloud site, you see similar error:

2019-04-30 15:36:17.366 ERROR - [UI__########-####-####-####-###############] [https-jsse-nio-8440-exec-5] c.v.h.c.c.error.ExceptionAdvisorBase     : A GET request from root[###.###.###.###] to /config/remote-certificate?url=FQDNpairing_address:443 failed.

com.vmware.h4.exceptions.common.FailedToRetrieveCertificateException: Could not find SSL/X509 certificate from 'https://FQDNpairing_address:443'.
        at com.vmware.h4.common.service.BaseConfigService.obtainCert(BaseConfigService.java:336)
        at com.vmware.h4.common.service.BaseConfigService.getX509CertificateDetails(BaseConfigService.java:307)
        at com.vmware.h4.common.service.BaseConfigService.getCertificate(BaseConfigService.java:148)
        at com.vmware.h4.common.controller.BaseConfigController.getCertificate(BaseConfigController.java:103)


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware Cloud Director Availability 4.x

Cause

This issue can occur when the hostname specified in network configuration for cloud Tunnel appliance or public service endpoint address is not DNS resolvable. When pairing sites, both sites need to be able to communicate using their public endpoints.

Resolution

To resolve this issue, ensure a valid hostname is set for all VMware Cloud Availability components and that the Tunnel appliance public endpoint is resolvable by a valid DNS record.

To validate and change the hostname on a VMware Cloud Director Availability component, perform the following steps:

  1. In a browser, log into the VCDA component's management portal.
  2. Navigate to Configuration > Settings > Network and click Edit.
  3. Ensure that the Hostname field is set as the FQDN for the component.
  4. If you need to change the hostname:
  5. Enter the new hostname and click Apply.
  6. Navigate to System Monitoring > System health and click Reboot VM.
Powered by Wolken Software