Replacing Aria Suite LifeCycle certificate from the SDDC Manager Ui with Failed to replace certificate for <vrslcm_FQDN> due to: Unable to copy the certificate key file <vrslcm_FQDN>.key.
search cancel

Replacing Aria Suite LifeCycle certificate from the SDDC Manager Ui with Failed to replace certificate for <vrslcm_FQDN> due to: Unable to copy the certificate key file <vrslcm_FQDN>.key.

book

Article ID: 369545

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Symptoms:

  • Upload and install vrslcm custom certificate from the SDDC Manager UI failed 
  • operationsmanager.log contains errors similar to the excerpt below:
    [YYYY-MM-DDTHH:MM:SS] DEBUG [vcf_om,08373b2974be4e51,91fb] [c.vmware.vcf.secure.ssh.SshExecuter,om-exec-26] Establishing SSH session to host: <vrslcm_FQDN>
    [YYYY-MM-DDTHH:MM:SS] DEBUG [vcf_om,08373b2974be4e51,91fb] [c.v.v.s.c.s.SecurityConfigurationServiceImpl,om-exec-26] Security config retrieved {"fipsMode":false}
    [YYYY-MM-DDTHH:MM:SS] DEBUG [vcf_om,08373b2974be4e51,91fb] [c.vmware.vcf.secure.ssh.SshExecuter,om-exec-26] Successfully connected over SSH to host: <vrslcm_FQDN> [Attempt #1].
    [YYYY-MM-DDTHH:MM:SS] DEBUG [vcf_om,08373b2974be4e51,91fb] [c.vmware.vcf.secure.ssh.SshExecuter,om-exec-26] End of execution of command [cp /var/tmp/ssl_cert/<vrslcm_FQDN> /opt/vmware/vlcm/cert/server.key], Status: 1
    Output: Error output: cp: cannot stat '/var/tmp/ssl_cert/<vrslcm_FQDN>.key': No such file or directory

Environment

VMware Cloud foundation 5.x

VMware Cloud foundation 4.x

Cause

The CSR was generated and downloaded as vrslcm_FQDN.csr from The SDDC Manager UI, but the private key was missing in the CSR file before it was signed by an enterprise certificate authority (CA).

 

Resolution

  1. Regenerate and download the vrslcm CSR from the SDDC Manager UI.
  2. Sign it with an enterprise certificate authority (CA).
  3. Upload and install the new certificate again.
Powered by Wolken Software