Exception 'Untrusted certificate chain' after replacing vRA certificate
search cancel

Exception 'Untrusted certificate chain' after replacing vRA certificate

book

Article ID: 345154

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

After replacing vRealize Automation and IaaS certificates, you see these symptoms:
 
  • vRealize Orchestrator services does not start as it does not trust vRealize Automation certificates after replacing them.
  • In vRealize Orchestrator's catalina.out file, you see entries similar to:

    2016-11-01 10:46:48.133+1100 [serverHealthMonitorScheduler-1] WARN {} [CafeAbstractTrustManager] Untrusted certificate chain:
    2016-11-01 10:46:48.133+1100 [serverHealthMonitorScheduler-1] WARN {} [CafeAbstractTrustManager] Untrusted certificate with serial number: [1231231231231231231231231231231231231231231231] and thumbprint: [00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx]
    2016-11-01 10:46:48.133+1100 [serverHealthMonitorScheduler-1] WARN {} [CafeAbstractTrustManager] Untrusted certificate with serial number: [123123123123123123123123123123123123123123123] and thumbprint: [00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx]
    2016-11-01 10:46:48.133+1100 [serverHealthMonitorScheduler-1] WARN {} [CafeAbstractTrustManager] Untrusted certificate with serial number: [12312312312312312312312312312312312312] and thumbprint: [00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx:00:xx]

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

 

Environment

VMware vRealize Automation 7.1.x
VMware vRealize Automation 7.0.x

Cause

When vRealize Automation SSL certificate is being changed from the virtual appliance, the vRealize Orchestrator authentication is reset against the default tenant and admin group (vcoadmins).
 
This issue occurs if the default configuration is not suitable because of vRealize Orchestrator configured against another tenant and group.

Resolution

This is a known issue affecting VMware vRealize Automation 7.x.

Currently, there is no resolution.

To workaround the issue:
 
  1. Log in to the vRealize Orchestrator control-center.
  2. Navigate to Authentication Settings tab.
  3. Set Tenant to vsphere.local.
  4. Set Admin Group to vcoadmins.
  5. Restart vRealize Orchestrator.
 


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.

To replace certificates in the vRealize Automation appliance 7.x, see: