VMware vRealize Log Insight fails to communicate with a vCenter Server with a certificate that uses a public key length less than 1024 bits
search cancel

VMware vRealize Log Insight fails to communicate with a vCenter Server with a certificate that uses a public key length less than 1024 bits

book

Article ID: 343801

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
    • When you attempt to configure vSphere Integration in VMware vRealize Log Insight, the operation fails.
    • You may see an error similar to.

      HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

    • This issue occurs when the certificate used by the vCenter Server has a public key length less than 1024 bits.


    Environment

    VMware vRealize Log Insight 3.3.x
    VMware vRealize Log Insight 2.5.x
    VMware vRealize Log Insight 3.0.x
    VMware vCenter Log Insight 2.x

    Cause

    This issue occurs when vCenter Server has a certificate with a public key length less than 1024 bits. vCenter Server 4.x auto-generated a 512-bit key which is retained after upgrading. vRealize Log Insight 2.0 requires that any certificate used by a vCenter Server has a public key length of at least 1024 bits.

    Resolution

    To resolve this issue, generate a new certificate for the vCenter Server. Ensure that the new certificate has a public key that is greater than 1024 bits in size. For more information, see the VMware vSphere 5.5 Security Guide.