Attempting to join an SDDC Manager to a federation fails with the error "Unable to find a valid certificate path to requested target"

Article ID: 325215

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Symptoms:
  • Attempting to join an SDDC Manager to a federation fails with the error "Unable to find a valid certificate path to requested target"


Environment

VMware Cloud Foundation 3.10.x
VMware Cloud Foundation 3.9.x
VMware Cloud Foundation 4.x

Cause

This occurs when an SDDC Manager does not trust the certificate of another SDDC Manager.

Resolution

This is a known issue affecting VMware Cloud Foundation 3.x and 4.x. There is currently no resolution to this issue.

Workaround:
To work around this issue, use the following commands to establish trust between the two SDDC Managers. In this example, the two SDDC Managers have the FQDNs sddc-manager-a.vmware.local (already in the federation) and sddc-manager-b.vmware.local (joining the federation).
  1. Initiate an SSH session to sddc-manager-a.vmware.local as the vcf user and execute the following command:
sshpass -p <password> ssh -o StrictHostKeyChecking=no [email protected] "curl 'http://127.0.0.1/appliancemanager/certificates/controller?fqdn=sddc-manager-b.vmware.local' > /tmp/member.json && curl -X POST -H 'Content-Type:application/json' -d @/tmp/member.json http://127.0.0.1/appliancemanager/certificates/controller"
  2. Initiate an SSH session to sddc-manager-b.vmware.local as the vcf user and execute the following command:
sshpass -p <password> ssh -o StrictHostKeyChecking=no [email protected] "curl 'http://127.0.0.1/appliancemanager/certificates/member?fqdn=sddc-manager-a.vmware.local' > /tmp/member.json && curl -X POST -H 'Content-Type:application/json' -d @/tmp/member.json http://127.0.0.1/appliancemanager/certificates/member"
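
Because the workaround above makes one SDDC Manager trust whatever certificate is returned for the other, the following added example (written for this page, not VMware's code) compares the SHA-256 fingerprint of a peer certificate saved as PEM against a value obtained out-of-band before it is trusted. Assumptions: the PEM file path and the pinned fingerprint are supplied by the operator, and extracting the certificate from the appliance manager response is left out because the page does not show that format.

```shell
#!/bin/sh
# Added example (not from the KB article): pin-check a peer certificate
# before trusting it. File names and the pinned value are assumptions.

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate in
# a PEM file: the hash of the DER bytes between the BEGIN/END markers.
cert_fingerprint() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
                /-----END CERTIFICATE-----/   {exit}
                on {printf "%s", $0}' "$1")
    [ -n "$body" ] || return 1          # no certificate block found
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "sha256 Fingerprint=AB:CD:..." or bare hex; emit lowercase hex.
normalise_fingerprint() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Exit status 0 only when the certificate matches the pinned fingerprint.
verify_pinned_cert() {
    expected=$(normalise_fingerprint "$2")
    [ "${#expected}" -eq 64 ] || { echo "pin is not a SHA-256 value" >&2; return 2; }
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    actual=$(cert_fingerprint "$1") || { echo "no PEM certificate in $1" >&2; return 2; }
    [ "$actual" = "$expected" ]
}

# Constructed demo input: placeholder bytes in a PEM wrapper, not a real cert.
demo=$(mktemp)
{ echo '-----BEGIN CERTIFICATE-----'
  printf 'constructed-der-bytes' | base64
  echo '-----END CERTIFICATE-----'; } > "$demo"
pin=$(printf 'constructed-der-bytes' | sha256sum | cut -d' ' -f1)
if verify_pinned_cert "$demo" "$pin"; then
    echo "fingerprint matches the pin"
else
    echo "fingerprint mismatch: do not import" >&2
fi
rm -f "$demo"
```

The pinned value can be pasted in the colon-separated form printed by `openssl x509 -noout -fingerprint -sha256`; a non-zero exit status means the certificate should not be imported.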