This issue is resolved in vCenter Server 6.7.0c, available at
VMware Downloads .
For more information on patching a vCenter Server Appliance node, see
Patching the vCenter Server Appliance and Platform Services Controller Appliance.
Workaround:
To workaround the issue, update the vpxd-extension solution user certificate with one that contains a Subject Alternative Name matching the FQDN of the vCenter Server.
- Open an SSH session to the vCenter Server Appliance and login with root credentials
- Using a text editor, create a new vpxd-extension.cfg file which includes the SAN field. This will be used during the certificate creation process. Use the example below as a reference. The values marked in RED are variables that should be changed.
[ req ]
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = DNS:FQDN.domain.com
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = California
localityName = Palo Alto
0.organizationName = VMware
organizationalUnitName = GSS
commonName = vpxd-extension
- Run this command to create a new certificate request, where vpxd-extension.cfg is the file created in step 2.
openssl req -new -nodes -out vpxd-extension.csr -newkey rsa:2048 -keyout vpxd-extension.key -config vpxd-extension.cfg
- Run this command to create the new vpxd-extension certificate.
openssl x509 -req -days 3650 -in vpxd-extension.csr -out vpxd-extension.crt -CA /var/lib/vmware/vmca/root.cer -CAkey /var/lib/vmware/vmca/privatekey.pem -extensions v3_req -CAcreateserial -extfile vpxd-extension.cfg
- Move the newly created vpxd-extension.crt and vpxd-extension.key files to a workstation that can access the vSphere Client (HTML5).
- For help connecting to the vCenter appliance with WinSCP - Error when uploading files to vCenter Server Appliance using WinSCP (2107727)
- Log into the vSphere Client (HTML5) and navigate to the Certificate Management UI.
- From the Home menu, select Administration.
- Under Certificates, click Certificate Management.
- Populate the server name and enter the SSO administrator credentials.
- In the box for vpxd-extension, click Actions and select Replace.
- Select the new vpxd-extension.crt file for the Certificate Chain.
- Select the new vpxd-extension.key file for the Private Key.
- Click Replace.
- Restart update manager service. For more information see VMware Doc.
Alternatively, use the vSphere Web Client (Flex) to manage and administer vSphere Update Manager.