"ERR_CERT_COMMON_NAME_INVALID" error in browser when accessing Cloud Director VAMI after replacing Appliance Management certificate.

Article ID: 325593

Updated On:

Products

VMware Cloud Director

Issue/Introduction

Symptoms:
  • Cloud Director Appliance Management certificate has been replaced as per the documentation for the appropriate version:
Cloud Director 10.5.1 and later:
  • The new Appliance Management certificate has been signed by a certificate authority.
  • After applying the new certificate and restarting the services, the Cloud Director Appliance VAMI on port 5480 cannot be reached due to a browser error similar to:
ERR_CERT_COMMON_NAME_INVALID


Environment

VMware Cloud Director 10.5
VMware Cloud Director 10.4.2
VMware Cloud Director 10.4.1

Cause

This can occur if the new Appliance Management certificate does not have valid Subject Alternative Name (SAN) entries including a DNS entry for the Cloud Director Appliance FQDN.

Resolution

To resolve this issue, ensure that the new Appliance Management certificate being applied to the Cloud Director Cell has valid Subject Alternative Name (SAN) entries present.

To check whether the CSR generated on the Cell has a valid SAN extension, an openssl command such as the following can be used:

openssl req -in /opt/vmware/appliance/etc/ssl/vcd_ova.csr -noout -text

If a SAN entry was included in the CSR, the output contains a section similar to the following:

Requested Extensions:
X509v3 Subject Alternative Name:
    DNS:vcd.example.com, IP Address:1.2.3.4

Generate a new CSR with valid SAN extensions or add the desired SAN extensions using the process outlined by the Certificate Authority during the certificate signing process.
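The check above can be scripted and applied to the signed certificate as well as the CSR, since the browser validates the certificate it is served. The following is an added example, not part of the original article or VMware tooling: the function name san_has_dns, the temporary files and the self-signing step are assumptions made for illustration, and vcd.example.com is a constructed sample name. It also shows that a signing step which does not copy CSR extensions produces a certificate without the SAN.

```shell
#!/bin/sh
# Added example. vcd.example.com and all file names are constructed samples.

# san_has_dns FILE FQDN
# Returns 0 if FILE (PEM CSR or PEM certificate) has a SAN DNS entry equal to
# FQDN, 1 if not, 2 if FILE cannot be parsed. Exact match only, no wildcards.
san_has_dns() {
    if grep -q 'CERTIFICATE REQUEST-----' "$1" 2>/dev/null
    then kind=req; else kind=x509; fi
    text=$(openssl "$kind" -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qixF "DNS:$2"
}

work=$(mktemp -d)
fqdn=vcd.example.com
cat > "$work/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $fqdn
[san]
subjectAltName = DNS:$fqdn,IP:1.2.3.4
EOF

# Throwaway key plus two CSRs: one without and one with the SAN extension.
openssl req -new -newkey rsa:2048 -nodes -config "$work/req.cnf" \
    -keyout "$work/key.pem" -out "$work/no_san.csr" 2>/dev/null
openssl req -new -key "$work/key.pem" -config "$work/req.cnf" \
    -reqexts san -out "$work/san.csr" 2>/dev/null

# Signing: "openssl x509 -req" ignores CSR extensions unless told otherwise,
# so the first certificate loses the SAN; the second adds it via -extfile.
openssl x509 -req -in "$work/san.csr" -signkey "$work/key.pem" -days 1 \
    -out "$work/dropped.pem" 2>/dev/null
openssl x509 -req -in "$work/san.csr" -signkey "$work/key.pem" -days 1 \
    -extfile "$work/req.cnf" -extensions san -out "$work/kept.pem" 2>/dev/null

for f in no_san.csr san.csr dropped.pem kept.pem; do
    if san_has_dns "$work/$f" "$fqdn"
    then echo "$f: SAN DNS entry for $fqdn present"
    else echo "$f: SAN DNS entry for $fqdn MISSING"
    fi
done
```

On a Cell, the same function can be pointed at /opt/vmware/appliance/etc/ssl/vcd_ova.csr and at the certificate returned by the Certificate Authority, using the appliance FQDN as the second argument.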
The Cloud Director documentation describes the process for generating the CSR which includes example SAN entries:

Cloud Director 10.5.1 and later: