Troubleshooting LCMVIDM72240 when replacing the VMware Identity Manager Certificate

Article ID: 326071

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Replacing the VMware Identity Manager certificate with VMware Aria Suite Lifecycle (formerly vRealize Suite Lifecycle Manager) 8.x fails with:
    Error Code: LCMVIDM72240
    Failed to apply certificate on VMware Identity Manager. Refer to vRSLCM logs for further details.
    Failed to apply certificate on the host <Identity Manager FQDN>. Exception message: certificate_unknown(46)
  • The /var/log/vrlcm/vmware_vrlcm.log file has the following exceptions:
    Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
    at org.bouncycastle.jsse.provider.ImportX509TrustManager_5.checkAlgorithmConstraints(ImportX509TrustManager_5.java:107)
    at org.bouncycastle.jsse.provider.ImportX509TrustManager_5.checkAdditionalTrust(ImportX509TrustManager_5.java:87)
    at org.bouncycastle.jsse.provider.ImportX509TrustManager_5.checkServerTrusted(ImportX509TrustManager_5.java:69)
    at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.checkServerTrusted(ProvSSLSocketWrap.java:126)
    ... 32 more
    Caused by: java.security.cert.CertPathValidatorException: Certificate doesn't support 'serverAuth' ExtendedKeyUsage


Environment

VMware Aria Suite Lifecycle 8.x
VMware vRealize Suite Lifecycle Manager 8.x

Cause

The error occurs when the certificate is generated with an incorrect or missing Extended Key Usage. In this instance, 'serverAuth' is missing from the Extended Key Usage.

Resolution

To resolve the issue, regenerate the VMware Identity Manager certificate with serverAuth enabled in Extended Key Usage.
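
A pre-check for the condition described above, written with the openssl CLI as an added example; it is not part of the original article or of any VMware tooling. The function names `eku_status` and `check_cert_eku`, the sample excerpts and the host name in them are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm a certificate lists serverAuth in its Extended Key
# Usage (EKU) before applying it. Function names here are hypothetical.

# Reads `openssl x509 -noout -text` output on stdin and prints one of:
#   ok         EKU is present and lists serverAuth
#   no-server  EKU is present but serverAuth is not listed
#   missing    the certificate has no EKU extension
# openssl prints serverAuth as "TLS Web Server Authentication" on the line
# that follows the "X509v3 Extended Key Usage:" header.
eku_status() {
    awk '
        /X509v3 Extended Key Usage:/ { seen = 1; grab = 1; next }
        grab { grab = 0; if ($0 ~ /TLS Web Server Authentication/) ok = 1 }
        END { print (ok ? "ok" : (seen ? "no-server" : "missing")) }
    '
}

# Checks a PEM file. Returns 0 only when serverAuth is listed; the article
# names both an incorrect and a missing EKU as causes, so both fail here.
check_cert_eku() {
    text=$(openssl x509 -in "$1" -noout -text) || { echo "$1: unreadable"; return 2; }
    status=$(printf '%s\n' "$text" | eku_status)
    echo "$1: $status"
    [ "$status" = "ok" ]
}

# Constructed excerpts of `openssl x509 -text` output (not from real certs).
SAMPLE_BAD='        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:vidm.example.com'
SAMPLE_GOOD='        X509v3 extensions:
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication'

if [ $# -gt 0 ]; then
    check_cert_eku "$1"        # usage: sh eku-check.sh /path/to/cert.pem
else
    printf 'sample without serverAuth: %s\n' "$(printf '%s\n' "$SAMPLE_BAD" | eku_status)"
    printf 'sample with serverAuth:    %s\n' "$(printf '%s\n' "$SAMPLE_GOOD" | eku_status)"
fi
```

Run it against the regenerated certificate before retrying the replacement; a result other than `ok` corresponds to the cause described in this article.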