FAILED_TO_IMPORT_VC_TRUSTED_ROOT_CERTIFICATE
[YYYY-MM-DDTHH:MM:SS] ERROR [vcf_dm,66c9704f6658f49e2c3222be114ab2c0,ad06] [c.v.e.s.o.model.error.ErrorFactory,dm-exec-10] [9MAVGA] FAILED_TO_IMPORT_VC_TRUSTED_ROOT_CERTIFICATE Failed to import certificate in vCenter vcenter.example.com trusted root certificates
com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to import certificate in vcenter.example.com trusted root certificates
at com.vmware.evo.sddc.vsphere.contract.ImportTrustedRootCertificatesAction.postValidate(ImportTrustedRootCertificatesAction.java:164)
at com.vmware.evo.sddc.vsphere.contract.ImportTrustedRootCertificatesAction.postValidate(ImportTrustedRootCertificatesAction.java:31)
at com.vmware.evo.sddc.orchestrator.platform.action.FsmActionState.lambda$static$1(FsmActionState.java:23)
at com.vmware.evo.sddc.orchestrator.platform.action.FsmActionState.invoke(FsmActionState.java:62)
..
..
Caused by: java.lang.RuntimeException: java.security.cert.CertificateException: java.security.cert.CertificateException: Can't get single X509 certificate from PEM. More then one certificate in PEM.
at com.vmware.evo.sddc.vsphere.contract.ImportTrustedRootCertificatesAction.lambda$postValidate$2(ImportTrustedRootCertificatesAction.java:119)
VMware Cloud Foundation
One of the CA certificate is added as Chain of intermediate and root in vCenter's trusted roots store.
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store TRUSTED_ROOTS --alias <alias name> --output /certificate/<certificate usage name>.crt
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert unpublish --cert /certificate/<certificate usage name>.crt
dir-cli failed error 13
# /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store TRUSTED_ROOTS --alias <alias_name> --output /certificate/<cert_chain>.crt
# /usr/lib/vmware-vmafd/bin/dir-cli trustedcert unpublish --cert /certificate
/sub_caroot.crt
# /usr/lib/vmware-vmafd/bin/dir-cli trustedcert unpublish --cert /certificate
/
root.crt
# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store TRUSTED_ROOTS --alias <alias name>
# /usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /certificate
/
sub_caroot.crt
# /usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /certificate
/ca
root.crt
# /usr/lib/vmware-vmafd/bin/vecs-cli force-refresh
/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /certificate/sub-caroot.crt
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /certificate/caroot.crt