Failure while importing an encrypted certificate into LCM
Article ID: 338487
Updated On:
Products
VMware Aria Suite
Issue/Introduction
To import the encrypted certificate into LCM without any failure and use it on the vRealize suite of products.
Symptoms:
When importing an encrypted key by providing a valid passphrase, LCM throws the error - Unable to decrypt key. Please check the provided passphrase.
Symptoms:
When importing an encrypted key by providing a valid passphrase, LCM throws the error - Unable to decrypt key. Please check the provided passphrase.
Environment
VMware vRealize Suite Lifecycle Manager 8.1.x
Resolution
This is a known issue.
Workaround:
Workaround:
- Take a snapshot of the LCM appliance for backup.
- SSH to the LCM appliance as root user
- Edit file /usr/java/jre-vmware/lib/security/java.security to add security.provider.10 after security.provier.9 like below;
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
- Issue following commands;
unzip -d /tmp/jar/ /var/lib/vrlcm/vmlcm-service-*.jar
cp /tmp/jar/BOOT-INF/lib/bc*.jar /usr/java/jre-vmware/lib/ext/
rm -r /tmp/jar/
systemctl restart vrlcm-server.service
cp /tmp/jar/BOOT-INF/lib/bc*.jar /usr/java/jre-vmware/lib/ext/
rm -r /tmp/jar/
systemctl restart vrlcm-server.service
Note: To successfully upgrade LCM we must remove below 4 jars from /usr/java/jre-vmware/lib/ext before proceeding with upgrade.
bcmail-jdk15on-1.54.jar bcpkix-jdk15on-1.62.jar bcprov-ext-jdk15on-1.62.jar bcprov-jdk15on-1.62.jar
These jars are added as part of the above workaround, if not removed LCM upgrade would fail.
bcmail-jdk15on-1.54.jar bcpkix-jdk15on-1.62.jar bcprov-ext-jdk15on-1.62.jar bcprov-jdk15on-1.62.jar
These jars are added as part of the above workaround, if not removed LCM upgrade would fail.
Feedback
Yes
No
Powered by
