"Could not find SSL/X509 certificate from..." error when pairing sites in vCloud Availability 3.0
Article ID: 314960
Updated On:
Products
VMware Cloud Director
Issue/Introduction
Symptoms:
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
- When pairing sites in vCloud Availability, you see the following error in UI:
Could not find SSL/X509 certificate from "https://Tunnel-Appliance-Public-address"
- In /opt/vmware/h4/replicator/log/replicator.log on the on-premises vCloud Availability appliance when pairing an on-premises site to a cloud site, you see similar error:
2019-04-30 15:36:17.366 ERROR - [UI__0ed9e5ac-5baa-4215-8238-1a4d1cacbb38_9d] [https-jsse-nio-8440-exec-5] c.v.h.c.c.error.ExceptionAdvisorBase : A GET request from root[192.168.110.10] to /config/remote-certificate?url=Tunnel-Appliance-Public-address%3A8048 failed.
com.vmware.h4.exceptions.common.FailedToRetrieveCertificateException: Could not find SSL/X509 certificate from 'Tunnel-Appliance-Public-address:8048'.
at com.vmware.h4.common.service.BaseConfigService.obtainCert(BaseConfigService.java:336)
at com.vmware.h4.common.service.BaseConfigService.getX509CertificateDetails(BaseConfigService.java:307)
at com.vmware.h4.common.service.BaseConfigService.getCertificate(BaseConfigService.java:148)
at com.vmware.h4.common.controller.BaseConfigController.getCertificate(BaseConfigController.java:103)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
com.vmware.h4.exceptions.common.FailedToRetrieveCertificateException: Could not find SSL/X509 certificate from 'Tunnel-Appliance-Public-address:8048'.
at com.vmware.h4.common.service.BaseConfigService.obtainCert(BaseConfigService.java:336)
at com.vmware.h4.common.service.BaseConfigService.getX509CertificateDetails(BaseConfigService.java:307)
at com.vmware.h4.common.service.BaseConfigService.getCertificate(BaseConfigService.java:148)
at com.vmware.h4.common.controller.BaseConfigController.getCertificate(BaseConfigController.java:103)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware vCloud Availability 3.0.x
Cause
This issue can occur when the hostname specified in network configuration for cloud Tunnel appliance is not DNS resolvable. When pairing sites, both sites need to be able to communicate using their public endpoints.
Resolution
To resolve this issue, ensure a valid hostname is set for all vCloud Availability components and that the Tunnel appliance public endpoint is resolvable by a valid DNS record.
To validate and change the hostname on a vCloud Availability component, perform the following steps:
To validate and change the hostname on a vCloud Availability component, perform the following steps:
- In a browser, log into the vCloud Availability component's management portal.
- Navigate to Configuration > Appliance settings > Network and click Edit.
- Ensure that the Hostname field is set as the FQDN for the component.
- If you need to change the hostname:
- Enter the new hostname and click Apply.
- Navigate to System Monitoring > System health and click Reboot VM.
Feedback
Yes
No
Powered by
