"Cannot configure identity source due to Invalid certificate bytes" when trying to save an AD over LDAPS identity source in VC 8.0 Update 2

Article ID: 326229

Products

VMware vCenter Server

Issue/Introduction

Configuring an identity source with type "Active Directory over LDAPS" fails with an error message:

Cannot configure identity source due to Invalid certificate bytes.


vSphere Client log: /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log
[YYYY-MM-DDTHH:MM:SS.SSSZ] [ERROR] tp-nio-127.0.0.1-5090-exec-1  com.vmware.vsphere.client.h5.pscui.controller.PscController Error while adding new Identity Source : sysops.local
java.lang.IllegalArgumentException: Invalid certificate bytes


Environment

VMware vCenter Server 8.0.2

Cause

This is caused by the certificate file containing Windows line endings (CR/LF, \r\n) instead of Unix line endings (LF, \n).
Windows-formatted certificates are not currently supported in vCenter Server 8.0 Update 2.

Resolution

VMware engineering is aware of this problem and is currently working on a fix.

Workaround:
To work around this issue, change the file's line endings from CR/LF to Linux LF (for example, by using Notepad++ as in the screenshot below), and save the change.



Alternatively, if the certificate file is on a Linux system, the file can be converted from Windows to Linux line endings using the sed command (replace <certificate file> with the correct filename):

# sed -i -e 's/\r$//' <certificate file>


Once the certificate has been saved with the correct formatting, restart the identity source wizard and select the corrected certificate file when prompted.
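
The following script is an added example, not part of the original article or of any VMware tooling. It counts the CR/LF lines in a certificate file, writes an LF-only copy without modifying the original, and checks that nothing except the carriage returns changed. The function names, file names and sample certificate text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): check a PEM certificate for Windows
# CR/LF line endings and write an LF-only copy, leaving the original untouched.
CR=$(printf '\r')   # literal carriage return, so sed/grep need no \r escape support

# Print the number of lines that end in CR (0 means the file is already LF-only).
crlf_lines() {
    grep -c "${CR}\$" "$1" || true   # grep -c exits 1 on zero matches; still prints 0
}

# normalize_cert SRC DST: strip the trailing CR from every line of SRC into DST.
# Returns 1 on I/O failure, 2 if CRs remain, 3 if anything other than CRs changed.
normalize_cert() {
    src=$1 dst=$2
    removed=$(crlf_lines "$src")
    sed "s/${CR}\$//" "$src" > "$dst" || return 1
    [ "$(crlf_lines "$dst")" -eq 0 ] || return 2
    # Integrity check: the copy must be shorter by exactly one byte per fixed line.
    before=$(( $(wc -c < "$src") ))
    after=$(( $(wc -c < "$dst") ))
    [ $(( before - after )) -eq "$removed" ] || return 3
}

# Constructed sample: PEM-shaped placeholder text (not a real certificate),
# written with CR/LF line endings as a Windows export would be.
make_sample_crlf() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQk9EWS0wMDAx' \
        'Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQk9EWS0wMDAy' \
        '-----END CERTIFICATE-----' > "$1"
}

# Demo on the constructed sample (hypothetical file names).
demo_dir=$(mktemp -d)
make_sample_crlf "$demo_dir/ldaps-win.cer"
echo "CR/LF lines before: $(crlf_lines "$demo_dir/ldaps-win.cer")"
normalize_cert "$demo_dir/ldaps-win.cer" "$demo_dir/ldaps-lf.cer"
echo "CR/LF lines after:  $(crlf_lines "$demo_dir/ldaps-lf.cer")"
```

Run crlf_lines against the real certificate file first; a result of 0 means line endings are not the cause of the error.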