Step 1: To resolve this issue, the user needs to get the signing certificate chain. A chain may include a root certificate and intermediate certificate(s). There are several ways to get the certificate chain. One of them is to use a certificate chain resolver.
Step 2: After getting the root/intermediate certificate chain, the user needs to add the certificates to the content library/VECS trust store by using either of the following 2 methods.
1. Add the certificate(s) to the content library trust store: An API has been provided to add the certificate to the content library trust store. The user running this API requires the ContentLibrary.AddCertToTrustStore privilege.
Here is a sample curl command which adds the certificate to the trust store.
url='https://VC_IP'
username='USERNAME'
password='PASSWORD'
##### Authenticate
# Note: -k disables TLS certificate verification for the connection to vCenter.
session_id=$(curl -X POST -k -H 'Content-Type: application/json' -u "$username:$password" "$url/rest/com/vmware/cis/session" | jq -r .value)
##### Add Certificate
# cert_text is the PEM text as a single JSON string, with line breaks written as \n.
curl -X POST -k \
-H 'Accept: application/json' -H "Content-Type: application/json" -H "vmware-api-session-id: $session_id" \
"$url/api/content/trusted-certificates" \
-d '{
"cert_text": "CERTIFICATE_IN_PEM_FORMAT"
}' | jq -r "."
2. Add the certificate(s) to the VECS store:
- Log in with the vSphere Client to the vCenter Server.
  - Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
  - If you specified a different domain during installation, log in as administrator@mydomain.
- Navigate to the Certificate Management UI.
  - From the Home menu, select Administration.
  - Under Certificates, click Certificate Management.
- Click "ADD" next to Trusted Root Certificates.
- Browse and select the certificate(s) found in Step 1.
After adding the certificate, the failing items can be re-synced in the subscribed library. Alternatively, they can be re-imported in the local library.
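For method 1, the chain from Step 1 often arrives as one PEM bundle, while the request body carries a single cert_text string. The following added example (not part of the original article or of VMware's code) splits a bundle into one JSON body per certificate with line breaks escaped as \n; the function names, the sample bundle and the one-certificate-per-request handling are assumptions.

```bash
#!/usr/bin/env bash
# Added example: one JSON request body per certificate in a PEM chain bundle.

# pem_chain_to_payloads FILE
# Prints one line per certificate: {"cert_text": "-----BEGIN ...\n...\n"}
# Text outside the BEGIN/END markers (e.g. subject= lines) is dropped.
pem_chain_to_payloads() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { in_cert = 1; body = "" }
    in_cert {
      sub(/\r$/, "")            # tolerate CRLF line endings
      body = body $0 "\\n"      # raw newlines are invalid in a JSON string
    }
    /-----END CERTIFICATE-----/ {
      if (in_cert) printf "{\"cert_text\": \"%s\"}\n", body
      in_cert = 0
    }
  ' "$1"
}

# post_chain URL SESSION_ID FILE  (hypothetical helper)
# Same endpoint and headers as the curl command above. No -k here: this
# assumes the client already trusts the vCenter TLS certificate.
post_chain() {
  pem_chain_to_payloads "$3" | while IFS= read -r payload; do
    curl -sS -X POST \
      -H 'Accept: application/json' -H 'Content-Type: application/json' \
      -H "vmware-api-session-id: $2" \
      "$1/api/content/trusted-certificates" -d "$payload"
    echo
  done
}

# Constructed sample bundle; the bodies are placeholders, not real certificates.
sample_chain() {
  cat <<'EOF'
subject=CN = Example Intermediate (constructed)
-----BEGIN CERTIFICATE-----
AAAAconstructedPlaceholderIntermediateAAAA
-----END CERTIFICATE-----
subject=CN = Example Root (constructed)
-----BEGIN CERTIFICATE-----
AAAAconstructedPlaceholderRootAAAA
-----END CERTIFICATE-----
EOF
}
```

Review the output of pem_chain_to_payloads on the bundle before calling post_chain, so that only the intended root and intermediate certificates are added to the trust store.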
Product versions: vCenter 7.0U3 and above