"requests.exceptions.SSLError" in VMware Integrated OpenStack
search cancel

"requests.exceptions.SSLError" in VMware Integrated OpenStack


Article ID: 342092


Updated On:


VMware VMware Integrated OpenStack


To resolve this issue, change the hostname of a management-server.

  • Running the VIOCLI command in VMware Integrated OpenStack fails with the error:

    Traceback (most recent call last):
    File "/usr/local/bin/viocli", line 10, in <module>
    File "/usr/local/lib/python2.7/dist-packages/viocli/cli.py", line 96, in main
    args.func(args, args.verbose)
    File "/usr/local/lib/python2.7/dist-packages/viocli/bundle/deployment.py", line 176, in handler
    File "/usr/local/lib/python2.7/dist-packages/viocli/bundle/base_bundle.py", line 74, in initialize
    self._conn.authenticate(self._oms_user, self._oms_password)
    File "/usr/local/lib/python2.7/dist-packages/viocli/bundle/common/oms_connection.py", line 55, in authenticate
    self._get_url('/oms/api/hello'), verify=self.cert_path)
    File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 469, in get
    return self.request('GET', url, **kwargs)
    File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 457, in request
    resp = self.send(prep, **send_kwargs)
    File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 569, in send
    r = adapter.send(request, **kwargs)
    File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 420, in send
    raise SSLError(e, request=request)
    requests.exceptions.SSLError: hostname 'oms.domain.local' doesn't match either of 'localhost.localdom', 'localhost'

  • The hostname and certificate subject in the /opt/vmware/vio/etc/oms.crt file does not match.

    Note: localhost.localdom is default name given to management-server, if FQDN in DNS is not configured for the management-server IP address.


VMware Integrated OpenStack 2.5.x
VMware Integrated OpenStack 2.0.x
VMware Integrated OpenStack 3.0.x


This issue occurs when a DNS A and PTR records for management-server IP is changed after the first boot of VIO management-server.

During the first boot of VMware Integrated OpenStack vAPP certificate is created for management-server and it is used in the registration of the plugin to vCenter Server. This certificate is created by using the FQDN returned by DNS reverse lookup of configured IP address for management-server in vAPP installation wizard. If the configured IP did not have associated PTR record the certificate is created with localhost.localdom DNS name.

When a PTR record is defined for the management-server IP address and management-server is restarted, the hostname is changed to reflect the value returned by reverse lookup of configured IP address. When the VIOCLI command is run it verifies the certificate and hostname. If this information is in conflict the viocli command errors.


To resolve this issue, change the hostname of a management-server:
  1. Create a snapshot of VMware Integrated OpenStack vApp.
  2. Shutdown and power on the VMware Integrated OpenStack vApp.
  3. Connect to the management-server through the SSH
  4. Stop oms services by running commands:

    service oms stop
    service osvmw stop

  5. Take a backup of the /opt/vmware/vio/etc file.

    cp -r /opt/vmware/vio/etc /root/etc_backup

  6. Take a snapshot of the management-server.
  7. Remove files that block certificate regeneration by running command:

    rm /opt/vmware/vio/etc/oms.lock /opt/vmware/vio/etc/guard.key

  8. Clean up the old certificate values by running this command:

    sed -i '/cms.*/d' /opt/vmware/vio/etc/vio_system.properties

  9. Run script to generate new certificate:

    /opt/vmware/vio/sysctl/scripts/generate-certs.sh `cat /opt/vmware/vio/etc/keystore.properties | grep keystorePass | awk -F"=" '{print $2}' | tr -d "\n"` oms oms_server /opt/vmware/vio/etc

  10. Modify the /opt/vmware/vio/etc/omjs.properties file and set the oms.extension.registered to false to allow oms to register with vCenter Server with new certificate.
  11. Restore original guard.key and password:

    cp /root/etc_backup/guard.key /opt/vmware/vio/etc/

  12. Open the /opt/vmware/vio/etc/vio_system.properties file and locate the entry starting with:


  13. Replace it with same entry from /root/etc_backup/vio_system.properties file.
  14. Stop and restart the VIO vApp.
  15. Log out from the vSphere Web Client.
  16. Clear the browser cache and log in to the vSphere Web Clinet.
  17. Go to the VMware Integrated Openstack plugin and reconnect the OMS.
  18. Verify if you can run viocli commands and delete the snapshot.