SDDC Manager password management operations fail for vRLI with "Certificate for <FQDN> doesn't match any of the subject alternative names"
Inventory sync completes successfully
Passwords set on the appliance match the passwords stored in lookup_passwords
SDDC Manager can successfully SSH to vRLI
Operationsmanager.log shows the following:
2024-05-31T14:24:02.333+0000 ERROR [vcf_om,051ac695ea4569f9,4033] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-29] Certificate for <FQDN> doesn't match any of the subject alternative names: [<IP,FQDN>]
com.vmware.vcf.passwordmanager.exception.PasswordUpdateException: Certificate for <FQDN> doesn't match any of the subject alternative names: [<IP,FQDN>]
at com.vmware.vcf.passwordmanager.update.changers.VrliApiChanger.loginTest(VrliApiChanger.java:159)
at com.vmware.vcf.passwordmanager.update.changers.VrliApiChanger.doTest(VrliApiChanger.java:71)
at com.vmware.vcf.passwordmanager.update.changers.AbstractPasswordChanger.updateAsync(AbstractPasswordChanger.java:429)
at com.vmware.vcf.passwordmanager.update.changers.AbstractPasswordChanger.doUpdate(AbstractPasswordChanger.java:198)
at com.vmware.vcf.passwordmanager.rotate.AbstractPasswordTransactionExecutor$1.call(AbstractPasswordTransactionExecutor.java:100)
at com.vmware.vcf.passwordmanager.rotate.AbstractPasswordTransactionExecutor$1.call(AbstractPasswordTransactionExecutor.java:88)
at org.springframework.cloud.sleuth.instrument.async.TraceCallable.call(TraceCallable.java:67)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <FQDN> doesn't match any of the subject alternative names: [<IP,FQDN>]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at brave.httpclient.TracingMainExec.execute(TracingMainExec.java:65)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at brave.httpclient.TracingProtocolExec.execute(TracingProtocolExec.java:66)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at com.vmware.vcf.secure.http.HttpClientService.getHTTPResponse(HttpClientService.java:1073)
at com.vmware.vcf.secure.http.HttpClientService.getHTTPResponse(HttpClientService.java:972)
at com.vmware.vcf.secure.http.HttpClientService.getHTTPResponseStatus(HttpClientService.java:741)
at com.vmware.vcf.secure.http.HttpClientService.getHTTPResponseCode(HttpClientService.java:538)
at com.vmware.vcf.secure.http.HttpClientService.getHTTPResponseCode(HttpClientService.java:560)
at com.vmware.vcf.passwordmanager.update.changers.VrliApiChanger.loginTest(VrliApiChanger.java:140)
... 10 common frames omitted
2024-05-31T14:24:02.334+0000 DEBUG [vcf_om,051ac695ea4569f9,4033] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-29] Error Message : Certificate for <FQDN> doesn't match any of the subject alternative names: [<IP,FQDN>], Error Token : UMLTQN, Error Cause : {}
2024-05-31T14:24:02.520+0000 DEBUG [vcf_om,051ac695ea4569f9,4033] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-29] About to mark resource state as error...
2024-05-31T14:24:02.535+0000 DEBUG [vcf_om,051ac695ea4569f9,4033] [c.v.v.p.r.AbstractPasswordTransactionExecutor,om-exec-2] Password operations failed for admin
VMware Cloud Foundation 5.x
vRLI 8.12
The vRLI certificate does not contain the FQDNs and IPs for the VIP and all three vRLI nodes.
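The error line already lists the SANs the certificate carries, so the gap described in the cause can be computed from the log itself. The following is an added example, not VMware code: the function names, hostnames, IPs and sample log line are constructed assumptions; only the error message format is taken from the log above.

```python
import ipaddress
import re

# Error text as logged above: host in <...>, SANs found in the certificate in [...].
SAN_ERROR = re.compile(
    r"Certificate for <(?P<host>[^>]+)> doesn't match any of the "
    r"subject alternative names: \[(?P<sans>[^\]]*)\]"
)

def normalize(name):
    """Compressed IP text, or lower-case DNS name without a trailing dot."""
    name = name.strip()
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name.lower().rstrip(".")

def san_gaps(log_text, expected):
    """Map each host that failed verification to the expected names its certificate lacks.

    Comparison is literal: wildcard SAN entries are not expanded.
    """
    wanted = {normalize(n) for n in expected}
    gaps = {}
    for m in SAN_ERROR.finditer(log_text):
        present = {normalize(s) for s in m.group("sans").split(",") if s.strip()}
        gaps[normalize(m.group("host"))] = sorted(wanted - present)
    return gaps

# Constructed sample line: a certificate issued for the VIP only, checked against node 1.
SAMPLE_LOG = (
    "2024-01-01T00:00:00.000+0000 ERROR [vcf_om,0000000000000000,0000] "
    "[c.v.v.p.u.c.AbstractPasswordChanger,om-exec-1] Certificate for "
    "<vrli-node1.example.test> doesn't match any of the subject alternative "
    "names: [192.0.2.10, vrli-vip.example.test]\n"
)
# Hypothetical inventory: the VIP plus all three nodes, FQDN and IP each.
EXPECTED = [
    "vrli-vip.example.test", "192.0.2.10",
    "vrli-node1.example.test", "192.0.2.11",
    "vrli-node2.example.test", "192.0.2.12",
    "vrli-node3.example.test", "192.0.2.13",
]

if __name__ == "__main__":
    for host, missing in san_gaps(SAMPLE_LOG, EXPECTED).items():
        print(f"{host}: certificate lacks {', '.join(missing) or 'nothing'}")
```

An empty list for a host means every expected name is present in the SAN list that was logged for it.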