"Cannot configure identity source due to Invalid certificate bytes" when trying to save an AD over LDAPS identity source in VC 8.0 Update 2
search cancel

"Cannot configure identity source due to Invalid certificate bytes" when trying to save an AD over LDAPS identity source in VC 8.0 Update 2

book

Article ID: 326229

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
Trying to save an identity source with type "Active Directory over LDAPS" fails with an error message:
Cannot configure identity source due to Invalid certificate bytes.
LDAPS Save error
When reviewing the log of the vSphere Client, /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log, the following entry can be found:
[2023-10-09T16:14:56.371Z] [ERROR] tp-nio-127.0.0.1-5090-exec-1  com.vmware.vsphere.client.h5.pscui.controller.PscController      
Error while adding new Identity Source : sysops.localjava.lang.IllegalArgumentException: Invalid certificate bytes


Environment

VMware vCenter Server 8.0.2

Cause

This is caused by the certificate file containing Windows line feed characters (CR/LF)
Windows formatted certificates are not currently supported in vCenter Server 8.0 Update 2

Resolution

VMware engineering is aware of this problem and are currently working on a fix

Workaround:
To work around this issue, change the file formatting from CR/LF to Linux LF (for example by using Notepad++ as in the screenshot below, and save the change. 



Alternatively, if the certificate file is on a linux system , the file can be converted from windows to linux line feed characters, using the sed command (replace <certificate file> with the correct filename):

# sed -i -e 's/\r$//' <certificate file>


Once the certificate has been saved with the correct formatting, restart the identity source wizard and select the corrected certificate file when prompted.