After changing an IaaS certificate through VAMI with a chained signed certificate untrusted chain errors appear in logs


Article ID: 336962


Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
After changing an IaaS certificate through VAMI with a chained signed certificate, untrusted chain errors appear in logs, similar to the following:
  • DynamicOps.Common.Client.UntrustedCertificateException: Certificate is not trusted (RemoteCertificateChainErrors)
Or,
  • Thumbprint mismatch, could not find thumbprint <...>, expected thumbprint <...>
Or,
  • Invalid certificate found: CN=<...>, O=<...>, L=<...>, S=<...>, C=<...>, Untrusted certificate chain


Environment

VMware vRealize Automation 7.5.x

Cause

The signing certificates are not present in the trusted stores of the IaaS nodes, and the change certificate procedure adds only the host certificate.

Resolution

In vRA 7.6, the VAMI change Web/Manager Service certificate procedure installs the entire chain in the respective certificate stores on the IaaS nodes.

Workaround:
To work around this issue:
  • Import the Root certificate into the Trusted Root Certification Authorities store, and any intermediate signing certificate into the Intermediate Certificate Authorities store.
Note: This applies to all IaaS nodes.
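
One way to script the workaround on an IaaS node, as an added example that is not part of the original article. It sorts each CA certificate into the correct LocalMachine store and then confirms that the host certificate chains to a trusted root. The paths `C:\Temp\chain` and `C:\Temp\iaas-host.cer` are assumed placeholders, and the subject-equals-issuer test is a heuristic for recognizing a root.

```powershell
# Added example: run in an elevated PowerShell session on each IaaS node.
# Assumed (hypothetical) inputs: the CA certificates exported as .cer files
# into $ChainDir, and the new IaaS host certificate exported to $LeafPath.
param(
    [string]$ChainDir = 'C:\Temp\chain',
    [string]$LeafPath = 'C:\Temp\iaas-host.cer'
)
$x509 = 'System.Security.Cryptography.X509Certificates'

foreach ($file in Get-ChildItem -Path $ChainDir -Filter *.cer) {
    $cert = New-Object "$x509.X509Certificate2" $file.FullName

    # Only CA certificates belong in these stores. Skip a file whose
    # Basic Constraints extension says it is an end-entity certificate.
    $bc = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if ($bc -and -not $bc.CertificateAuthority) {
        Write-Warning "$($file.Name) is not a CA certificate, skipped"
        continue
    }

    # Heuristic: subject == issuer means self-signed root, else intermediate.
    if ($cert.Subject -eq $cert.Issuer) {
        $store = 'Cert:\LocalMachine\Root'   # Trusted Root Certification Authorities
    } else {
        $store = 'Cert:\LocalMachine\CA'     # Intermediate Certification Authorities
    }
    Import-Certificate -FilePath $file.FullName -CertStoreLocation $store | Out-Null
    Write-Output "Imported $($cert.Subject) [$($cert.Thumbprint)] into $store"
}

# Build the chain for the host certificate in machine context, so the result
# reflects what services on this node will see.
$leaf  = New-Object "$x509.X509Certificate2" $LeafPath
$chain = New-Object "$x509.X509Chain" $true
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # checks the trust path only

if ($chain.Build($leaf)) {
    Write-Output 'Chain OK:'
    $chain.ChainElements | ForEach-Object { "  $($_.Certificate.Subject)" }
} else {
    $chain.ChainStatus | ForEach-Object {
        Write-Warning "$($_.Status): $($_.StatusInformation.Trim())"
    }
}
```

A remaining `UntrustedRoot` or `PartialChain` status after the import means a certificate in the path is still missing from the stores on that node.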