A connection using SSL may fail with error handshake alert: unrecognized_name when the external Host is set use Server Name Identification (SNI)

If the Server Name Identification (SNI) fails, then the connection will fail with "handshake alert: unrecognized_name"

• To resolve the issue please update the server you are trying to connect to.
  • If the external endpoint cannot be updated, vRO maybe configured to disable SNI.  See the Workaround below.

Disable SNI in vRO

Prerequisites

• Please take simultaneous non-memory snapshots of each virtual appliance(s) in the cluster.
• You have access to root user and password
• You have SSH or console access to each virtual appliance.

Procedure

1. SSH / PuTTy into one vRA virtual appliance in the cluster
2. Please create a backup /opt/charts/vco/templates/deployment.yaml in the root folder or any other folder

3. cp -a /opt/charts/vco/templates/deployment.yaml /root/vro-deployment.yaml.bak

Note: Please make sure the backup file is not in the same folder as this will cause the service deployment to fail

4. Open the file in vi or another text editor of your choice. vi is available on the appliance.

   vi /opt/charts/vco/templates/deployment.yaml

5. Navigate to the section starting with - name: vco-server-app
6. Below it you will find JVM_OPTS
7. Add a new line and append the following

   -Djsse.enableSNIExtension=false

8. Save the file with command

   :wq!

9. Once services are deployed again then Server Name Identification (SNI) is disabled. To re-deploy / re-start services, follow the instructions available at Starting and stopping vRealize Automation (vmware.com)