Adding a Docker host in the Container service results in SSL error in vRA 7.x
search cancel

Adding a Docker host in the Container service results in SSL error in vRA 7.x


Article ID: 339756


Updated On:


VMware Aria Suite


  • Adding Docker host in container service results in an SSL error.
  • You see error similar to:

    Error connecting to https://<remote_host>:<remote_port> : General SSLEngine problem


    Error connecting to https://<remote_host>:<remote_port</span> > : Received fatal alert: bad_certificate


VMware vRealize Automation 7.2.x
VMware vRealize Automation 7.3.x


This issue occurs when there are issues with certificate trust either in the server certificate or in the client certificate.
The first error (General SSLEngine problem) alludes to issues with the server certificate and if the client can trust it.
The second error (bad_certificate) is related to issues with the client certificate, this could be missing authentication extension or some other issue.


This is a known issue affecting vRealize Automation 7.2.x and 7.3.x.

Currently, there is no resolution.

To work around this issue:
  1. Verify in Admiral/Container service credentials view that the client credential is entered correctly (both public and private key in PEM format).
  2. Check the certificate's validity and that the Enhanced Key Usage field contains Client Authentication (
  3. Verify that the CA who signed the client certificate is the same CA defined for the Docker host (tlscacert docker option, for more information, see

    Note: You can use openssl or another tool to check certificate extensions and verify that it is a valid client certificate.

  4. Verify trust for the server certificates whether they are valid, not expired and matching your host certificates.
  5. Log in to vRA appliance(s) through SSH or console session and restart the xenon-service by running the command:

    service xenon-service restart