After vRO/vRA upgrade the UI is not reachable and the browser shows error ERR_SSL_KEY_USAGE_INCOMPATIBLE
Article ID: 325919
Updated On:
Products
VMware Aria Suite
Issue/Introduction
This article provides steps to recover the environment from the current broken state and to load the UI within the browser.
Symptoms:
Opening vRA/vRO UI after upgrade, browser shows error ERR_SSL_KEY_USAGE_INCOMPATIBLE
Symptoms:
Opening vRA/vRO UI after upgrade, browser shows error ERR_SSL_KEY_USAGE_INCOMPATIBLE
Environment
VMware vRealize Automation 8.x
Cause
This issue can occur when upgrading to a newer version and the certificate was generated in a version of VRO/VRA prior to 8.2 where the certificate formatting is different.
Resolution
Currently, there is no resolution.
To workaround the issue:
Note: In a clustered deployment, the steps below need to be run only on one of the nodes.
Note: The output of the command above should contain the following fields:
To workaround the issue:
Note: In a clustered deployment, the steps below need to be run only on one of the nodes.
- Open SSH session to already upgraded vRA appliance and generate a new ingress certificate using below command:
vracli certificate ingress --generate auto --set stdin
- Verify that the certificate is generated properly using below command
vracli certificate ingress --parse
Note: The output of the command above should contain the following fields:
"keyUsage": [
"DigitalSignature"
- Apply the changes above by redeploying the services using command:
/opt/scripts/deploy.sh
- Once the deploy script completes, check that the UI is reachable again.
Note: In case you upgrade an external vRO that is registered as an integration of vRA then you must accept the newly generated certificate. To do so, navigate to vRA > Cloud Assembly > Infrastructure > Integrations and open the vRO integration. Click on validate button and accept the new certificate.
Feedback
Yes
No
Powered by
