"Generic Error during the SSL Handshake" error when entering VMware Cloud Director details in the initial setup of the Cloud Director Replication Management Appliance in VMware Cloud Director Availability

Article ID: 315126


Products

VMware Cloud Director

Issue/Introduction

Symptoms:

  • When configuring a VMware Cloud Director Availability Cloud Director Replication Management Appliance instance, you are unable to register the Cloud Director Replication Management Appliance with a VMware Cloud Director instance.
  • Registering the Cloud Director Replication Management Appliance with VMware Cloud Director fails with the error:
Generic Error during the SSL Handshake
  • In /opt/vmware/h4/cloud/log/cloud.log on the Cloud Director Replication Management Appliance, you see messages similar to:
2020-03-12 23:51:47.358 ERROR - [UI-c2942724-64ec-48f8-96ec-515253d65fa3-Nc] [https-jsse-nio-8443-exec-10] c.v.h.c.c.error.ExceptionAdvisorBase     : A POST request from root[192.168.X.X] to /config/check-vcloud failed.

com.vmware.exception.GenericSSLException: Certificate for <VCD name> doesn't match any of the subject alternative names: []
        at com.vmware.exception.converter.ClientExceptionConverter.convertException(ClientExceptionConverter.java:64)
        at com.vmware.rest.client.AbstractRestClient.genericExchange(AbstractRestClient.java:151)


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware vCloud Availability 3.5.x
VMware vCloud Availability 3.0.x
VMware Cloud Director Availability 4.x

Cause

This issue can occur when the subject or the SAN of a VMware Cloud Director certificate doesn’t match the address of VMware Cloud Director as entered into the VMware Cloud Director Availability configuration screen.

VMware Cloud Director Availability verifies the host name of VMware Cloud Director against the VMware Cloud Director certificate presented. The Common Name or at least one of the entries in the Subject Alternative Name must match the fully qualified domain name (FQDN) or IP address of the VMware Cloud Director used when registering VMware Cloud Director in VMware Cloud Director Availability.
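The following added example (not VMware code) applies the matching rule described above to an address before it is entered in the setup screen. The certificate dictionaries use the shape returned by Python's `ssl.SSLSocket.getpeercert()` and are constructed samples; `check_address`, the host names and the single-label wildcard handling are assumptions, not taken from this article.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return p.count(".") >= 2 and "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_address(cert, address):
    """Apply the article's rule: the address must match the Common Name or at
    least one Subject Alternative Name. Returns (matched, names_compared)."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(address)
    if ip is not None:
        # An IP address is compared with IP SAN entries (and a CN holding an IP).
        names = [v for k, v in sans if k == "IP Address"] + cns
        return any(_as_ip(n) == ip for n in names), names
    # A host name is compared with DNS SAN entries and the CN.
    names = [v for k, v in sans if k == "DNS"] + cns
    return any(_dns_match(n, address) for n in names), names

# Constructed sample: FQDN and IP both listed in the SAN.
CERT_WITH_SAN = {
    "subject": ((("commonName", "vcd.example.test"),),),
    "subjectAltName": (("DNS", "vcd.example.test"), ("IP Address", "192.0.2.10")),
}
# Constructed sample: no SAN at all, as in the "[]" of the log excerpt.
CERT_CN_ONLY = {"subject": ((("commonName", "vcd01.internal.test"),),)}

if __name__ == "__main__":
    for cert, addr in [(CERT_WITH_SAN, "vcd.example.test"),
                       (CERT_WITH_SAN, "vcd"),
                       (CERT_CN_ONLY, "192.0.2.10"),
                       (CERT_CN_ONLY, "vcd01.internal.test")]:
        ok, names = check_address(cert, addr)
        print(f"{addr!r}: {'match' if ok else 'NO MATCH'} against {names}")
```

A "NO MATCH" result for the address you plan to enter indicates that either the address or the certificate needs to change, as described under Resolution.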

Resolution

To resolve this issue, enter an address for VMware Cloud Director in the VMware Cloud Director Availability interface that successfully matches the configured certificate.

Alternatively, replace the VMware Cloud Director certificate with a certificate that correctly matches the VMware Cloud Director FQDN in the Common Name or Subject Alternative Name fields of the certificate.

For more information on changing VMware Cloud Director certificates, see the Replacing Certificates for the VMware Cloud Director 10.5 HTTPS Endpoint section of the VMware Cloud Director documentation.

After the VMware Cloud Director certificate has been updated, resume the initial setup of the VMware Cloud Director Availability Cloud Director Replication Management Appliance.

Additional Information

For more information, see the Deployment requirements in the Cloud Director site section of the VMware Cloud Director Availability documentation.