Error occurred while adding trusted root certificates: Trusted root already exists
Article ID: 370838
Updated On:
Products
Issue/Introduction
When importing a certificate into the trusted root store the subject key identifier of the certificate is checked and if it is already present you will get the following error:
Error occurred while adding trusted root certificates: Trusted root already exists
Additionally importing a custom machine SSL certificate will fail if any Certificate in the chain e.g the intermediate or root has the same subject key id of a certificate already present in the trusted root store, but is in fact a different certificate with for example different expiration dates/different sha value ect.
Cause
This issue is most commonly seen after a Certificate Authority upgrades its Root or Intermediate certificates without changing the subject key identifier.
For example the root or intermediate certificates expiration date is changed or encryption algorithm is upgraded.
Resolution
Snapshot of vCenter should be taken, if ELM Linked mode vCenters offline snapshots of all linked nodes.
Using the following kb article, identify and remove the certificate that is to be replaced:
Once the duplicate certificate in the trusted root store that has the same Subject Key Identifier has been removed the import of the new certificate will be successful.
Feedback
