Importing custom SSL certificates into vCenter fails with an error "Certificate uses unsupported signature algorithm - ecdsa-with-SHA256"

Article ID: 369797


Products

VMware vCenter Server 8.0

Issue/Introduction

Importing custom SSL certificates into vCenter Server fails with the following error:

Error: Certificate uses an unsupported signature algorithm - ecdsa-with-SHA256. Only SHA-2 RSA algorithms are supported on the vCenter Server.
Status : 0% Completed [Operation failed, performing automatic rollback]

Environment

VMware vCenter Server 8.x

Cause

vSphere deploys only RSA certificates for server authentication and does not support generating ECDSA certificates.

The algorithms md2WithRSAEncryption, md5WithRSAEncryption, RSASSA-PSS, dsaWithSHA1, ecdsa_with_SHA1, ecdsa_with_SHA2 and sha1WithRSAEncryption are not supported.

Resolution

Only RSA certificates are supported for machine SSL.

When creating a custom machine SSL certificate for vCenter Server, Server Authentication and Client Authentication are not supported and must be removed when using the Microsoft Certificate Authority (CA) templates. For more information, refer to the knowledge base article: https://knowledge.broadcom.com/external/article/322174/provided-certificate-using-the-weak-sign.html
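A certificate can be checked against the algorithm lists above before the import is attempted. The script below is an added example, not part of the original article or of any VMware tooling. It assumes the `openssl` CLI is available, the function names are hypothetical, and it treats sha256/sha384/sha512 with RSA as the "SHA-2 RSA" algorithms the error message refers to.

```shell
#!/bin/sh
# Added example: pre-import signature-algorithm check for a vCenter
# machine SSL certificate. Function names are hypothetical.

# Pull the first "Signature Algorithm" value out of `openssl x509 -text`
# output supplied on stdin, trimming trailing whitespace.
sig_alg_from_text() {
    awk -F': *' '/Signature Algorithm:/ { gsub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Map an OpenSSL algorithm name onto the rules stated in this article.
classify_sig_alg() {
    case "$1" in
        # SHA-2 with RSA (PKCS#1 v1.5). Assumption: this is what the
        # error text means by "SHA-2 RSA algorithms".
        sha256WithRSAEncryption|sha384WithRSAEncryption|sha512WithRSAEncryption)
            echo supported ;;
        # Algorithms the Cause section lists as not supported, under
        # the names OpenSSL prints for them.
        ecdsa-with-SHA*|rsassaPss|RSASSA-PSS|dsaWithSHA1|sha1WithRSAEncryption|md5WithRSAEncryption|md2WithRSAEncryption)
            echo unsupported ;;
        *)  echo unknown ;;
    esac
}

# Check a PEM certificate file; returns 0 only when the algorithm is supported.
check_cert() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | sig_alg_from_text)
    [ -n "$alg" ] || { echo "$1: cannot read certificate" >&2; return 2; }
    verdict=$(classify_sig_alg "$alg")
    printf '%s: %s (%s)\n' "$1" "$alg" "$verdict"
    [ "$verdict" = supported ]
}

# Constructed excerpt of `openssl x509 -text` output for an ECDSA-signed
# certificate (sample data, not taken from a real system).
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN = Example Issuing CA'
demo_alg=$(printf '%s\n' "$SAMPLE_TEXT" | sig_alg_from_text)
echo "sample: $demo_alg -> $(classify_sig_alg "$demo_alg")"

# When a PEM file path is given as the first argument, check that file.
if [ $# -gt 0 ]; then check_cert "$1"; fi
```

A verdict of `unknown` means the algorithm is in neither list and should be reviewed manually before the import.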

 
