To resolve this issue, you can add the certificate from the repository to vCenter as trusted. The cert will be located at the URL displayed in the log, and that URL will vary depending on the specific repository location. Check this message per the above:
Connecting to <REPOSITORY SERVER IP Address/FQDN>:21... connected.
Go to this URL in your web browser and export the certificate in base64 format. Save as a .cer file with a name of your choosing such as repository.cer.
Then, choose one of the following options to import:
Resolution 1 - Add the trusted root certificate to the certificate repository
For the steps to add a trusted root certificate to the Trusted Roots store, see the
Add a Trusted Root Certificate to the Certificate Store in the vSphere 6.5 Product Documentation.
Resolution 2 - Upload a repository server certificate
Upload a repository server certificate to
/etc/applmgmt/appliance/patching_def.crt using these steps:
- Connect to your vCenter Server Appliance (VCSA) using SSH
- Create the file /etc/applmgmt/appliance/patching_def.crt using the command vi /etc/applmgmt/appliance/patching_def.crt
- Copy the repository server certificate to this file
- Save the file
- Retry the updates