Troubleshooting LCMVIDM72240 when replacing the VMware Identity Manager Certificate
Article ID: 326071
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
Replacing the VMware Identity Manager certificate with VMware Aria Suite Lifecycle (formerly vRealize Suite Lifecycle Manager) 8.x fails with:
Error Code: LCMVIDM72240
Failed to apply certificate on VMware Identity Manager. Refer to vRSLCM logs for further details.
Failed to apply certificate on the host <Identity Manager FQDN>. Exception message: certificate_unknown(46)
The /var/log/vrlcm/vmware_vrlcm.log file has the following exceptions:
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
at org.bouncycastle.jsse.provider.ImportX509TrustManager_5.checkAlgorithmConstraints(ImportX509TrustManager_5.java:107)
at org.bouncycastle.jsse.provider.ImportX509TrustManager_5.checkAdditionalTrust(ImportX509TrustManager_5.java:87)
at org.bouncycastle.jsse.provider.ImportX509TrustManager_5.checkServerTrusted(ImportX509TrustManager_5.java:69)
at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.checkServerTrusted(ProvSSLSocketWrap.java:126)
... 32 more
Caused by: java.security.cert.CertPathValidatorException: Certificate doesn't support 'serverAuth' ExtendedKeyUsage
Environment
VMware Aria Suite Lifecycle 8.x
VMware vRealize Suite Lifecycle Manager 8.x
Cause
The error occurs when the certificate is generated with incorrect or missing Extended Key Usage. In this instance, 'serverAuth' is missing from Extended Key Usage.
Resolution
To resolve the issue, regenerate the VMware Identity Manager certificate with serverAuth enabled in Extended Key Usage.
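A pre-flight check for the condition described above, as an added example that is not part of the original article or VMware tooling: it inspects a PEM certificate with the openssl CLI and fails if serverAuth is absent from Extended Key Usage. The function names, file names and the hostname idm.example.test are assumptions, and the two sample certificates are constructed on the fly.

```shell
#!/bin/sh
# Added example: pre-flight Extended Key Usage check before importing a certificate.

# Succeeds only if the PEM certificate in $1 lists serverAuth in its EKU extension.
# openssl prints the serverAuth purpose as "TLS Web Server Authentication".
has_server_auth() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Extended Key Usage/ { getline; print }' |
        grep -q 'TLS Web Server Authentication'
}

# Build a throwaway self-signed certificate at $1 with EKU value $2.
# Constructed sample input; the hostname is a placeholder.
make_sample_cert() {
    cfg=$(mktemp) && key=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = idm.example.test
[ext]
subjectAltName = DNS:idm.example.test
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$key" -out "$1" 2>/dev/null
    rc=$?
    rm -f "$cfg" "$key"
    return "$rc"
}

# Report whether a certificate is fit to present as a TLS server certificate.
check_cert() {
    if has_server_auth "$1"; then
        echo "OK: $1 lists serverAuth in Extended Key Usage"
    else
        echo "FAIL: $1 lacks serverAuth; reissue before importing"
        return 1
    fi
}

# Demo: one certificate reproducing the failing case, one corrected.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/client-only.pem" clientAuth
make_sample_cert "$demo_dir/server.pem" "serverAuth, clientAuth"
check_cert "$demo_dir/client-only.pem" || true
check_cert "$demo_dir/server.pem" || true
rm -rf "$demo_dir"
```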