The “Install New Certificate” Form Displays Red Underline After Selecting PEM File with "Unable to upload the certificate. The cluster should be in offline state." Error
search cancel

The “Install New Certificate” Form Displays Red Underline After Selecting PEM File with "Unable to upload the certificate. The cluster should be in offline state." Error

book

Article ID: 378454

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • In the Admin UI (https://AriaOpsFQDNorIP/admin), System Status > SSL Certificate (Certificate icon in the Top Right) > Install New Certificate > Browse... and selecting a .pem file, the form displays a red underline under the file name without any error message.

  • Hover the mouse cursor over the file name field.

  • A tooltip will be displayed briefly with a message about the reason why the file can not be applied.

  • One of the more common messages for this when a valid .pem file has been selected is

    "Unable to upload the certificate. The cluster should be in offline state."

  • The following error message can also be found in the /storage/log/vcops/log/casa/admin-ui.log:
    INFO [ajp-nio-127.0.0.1-8011-exec-66] com.vmware.vcops.util.admin.HTTPSRequester:488 - Upload file reordered.pem' to URL : https://localhost/casa/cluster/security/uploadcert
INFO [ajp-nio-127.0.0.1-8011-exec-66] com.vmware.vcops.util.admin.HTTPSRequester:609 - Response Code : 412
INFO [ajp-nio-127.0.0.1-8011-exec-66] com.vmware.vcops.util.admin.HTTPSRequester:503 - Response : {"error_message_key":"security.certificate.verification.cluster_not_in_offline_state","error_arguments":[],"error_message":"Unable to upload the certificate. The cluster should be in offline state."}

Environment

  • VMware Aria Operations 8.x

Cause

  • The certificate upload failed because the Aria Operations cluster was not in an offline state when the uploadcert API call was made.

  • Aria Operations has a built-in security and operational requirement that the cluster must be explicitly brought offline before installing or replacing certificates. This ensures consistency across all nodes and prevents potential service disruptions or security vulnerabilities during such a critical infrastructure change.

  • The system returned an HTTP 412 (Precondition Failed) error, explicitly stating this requirement: "Unable to upload the certificate. The cluster should be in offline state."

Resolution

Powered by Wolken Software