vCenter upgrade fails with error Verification of the machine SSL certificate failed due to an invalid trusted root certificate chain

Article ID: 320311

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • vCenter upgrade fails during pre-checks under Stage 2.
  • Error message will display as follows:

Cause

  • There are several trusted root certificates that are expired, not in use, or both.
  • There are several CRLs in the vCenter.

Resolution

Note: Take a snapshot of the vCenter (offline snapshots of all the vCenters if they are in linked mode).

1. Remove CRLs from vCenter using the crl-fix script. For more information, refer to Error "Failed to force refresh TRUSTED_ROOTS, Error : 183"

2. Unpublish the expired certificates from the trusted roots. For more information, refer to Removing CA Certificates from the TRUSTED_ROOTS store in the VMware Endpoint Certificate Store (VECS)

3. Regenerate certificates using VMCA. For more information, refer to Regenerate vSphere 6.x, 7.x, and 8.0 certificates using self-signed VMCA

4. Restart the upgrade from Stage 1.
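For step 2, one way to see which TRUSTED_ROOTS entries are already past their Not After date before unpublishing anything. This is an added example, not part of the original article and not a VMware tool; it assumes the listing comes from `/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text` with `Alias :` and `Not After :` lines, and the sample aliases and dates are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample shaped like the text output of
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text
# (layout assumed, trimmed to the fields used; aliases and dates are made up).
SAMPLE = """\
Alias :\taaaa1111example
Entry type :\tTrusted Cert
        Validity
            Not Before: Jan  5 10:00:00 2015 GMT
            Not After : Jan  2 10:00:00 2020 GMT
Alias :\tbbbb2222example
Entry type :\tTrusted Cert
        Validity
            Not Before: Mar  1 08:30:00 2023 GMT
            Not After : Feb 26 08:30:00 2033 GMT
"""

ALIAS_RE = re.compile(r"^Alias\s*:\s*(\S+)")
NOT_AFTER_RE = re.compile(r"Not After\s*:\s*(.+?)\s+GMT\s*$")


def parse_roots(text):
    """Return [(alias, not_after_utc)] for each entry in the listing."""
    roots, alias = [], None
    for line in text.splitlines():
        m = ALIAS_RE.match(line)
        if m:
            alias = m.group(1)
            continue
        m = NOT_AFTER_RE.search(line)
        if m and alias is not None:
            stamp = " ".join(m.group(1).split())  # collapse "Jan  2" padding
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            roots.append((alias, when.replace(tzinfo=timezone.utc)))
            alias = None  # take one expiry date per alias
    return roots


def expired_roots(text, now=None):
    """Entries whose Not After date is already in the past."""
    now = now or datetime.now(timezone.utc)
    return [(a, t) for a, t in parse_roots(text) if t <= now]


if __name__ == "__main__":
    for alias, when in expired_roots(SAMPLE):
        print(f"EXPIRED {alias} (Not After {when:%Y-%m-%d})")
```

The functions only read and report; removing an entry still follows the article referenced in step 2.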


Note: To replace the VMCA certificates with custom certificates again, refer to Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate