VMware Cloud Director cell service does not start after reboot

Article ID: 378898

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • VMware Cloud Director cell service does not start after reboot
  • Certificate was replaced recently
  • In cell-runtime.log under /opt/vmware/vcloud-director/logs, there are errors that match one of the following:
    Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid

     OR

    Caused by: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
            javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

    Caused by: java.security.cert.CertificateExpiredException: NotAfter: [Expiration_date]


Environment

10.x

Cause

This happens if the certificate chain is out of order or a certificate in it has expired.

Resolution

  • The certificate chain must be in the following order: Server, Intermediate, and then Root certificate.
  • Take a backup of the .crt, .pem or .pfx file in use and update the chain to match the above order.
  • Additionally, verify there are no spaces or unwanted characters between the certificates.

    Certificate file's content should look like this:

    -----BEGIN CERTIFICATE-----
    xxxx
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    xxxx
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    xxxx
    -----END CERTIFICATE-----
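
The checks above (order, stray characters, expiry) can be run against a PEM chain file before it is applied. The following is an added example, not part of this article or of VMware tooling; the function names are hypothetical, and it assumes names can be compared byte for byte and does not verify signatures.

```python
import base64, re
from datetime import datetime, timezone

PEM = re.compile(r"-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----\n?", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_fields(der):
    """Return (subject, issuer, not_after); the two names stay as raw DER bytes."""
    _, pos, _ = tlv(der, 0)                  # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)                # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                          # optional [0] version field
        pos = end
    for _ in range(2):                       # skip serialNumber and signature algorithm
        pos = tlv(der, pos)[2]
    issuer_end = tlv(der, pos)[2]
    issuer = der[pos:issuer_end]
    _, vpos, vend = tlv(der, issuer_end)     # validity SEQUENCE
    tag, s, e = tlv(der, tlv(der, vpos)[2])  # notAfter follows notBefore
    # 0x17 is UTCTime (two-digit year), anything else is read as GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    not_after = datetime.strptime(der[s:e].decode(), fmt).replace(tzinfo=timezone.utc)
    subject = der[vend:tlv(der, vend)[2]]
    return subject, issuer, not_after

def check_chain(pem_text, now=None):
    """Return a list of problems; an empty list means order and dates look right."""
    now = now or datetime.now(timezone.utc)
    pem_text = pem_text.replace("\r\n", "\n")
    problems = []
    if PEM.sub("", pem_text):                # blank lines, spaces or other text
        problems.append("text outside the certificate blocks")
    certs = [cert_fields(base64.b64decode(b)) for b in PEM.findall(pem_text)]
    for i, (subject, issuer, not_after) in enumerate(certs):
        if not_after < now:
            problems.append(f"certificate {i + 1} expired on {not_after:%Y-%m-%d}")
        # Each certificate must be followed by its issuer; the last (Root) issues itself.
        parent = certs[i + 1][0] if i + 1 < len(certs) else subject
        if issuer != parent:
            problems.append(f"certificate {i + 1} is not followed by its issuer")
    return problems
```

Run it as `check_chain(open(path).read())` on the backed-up chain file; certificate numbers in the output count from the top of the file.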


Note:
In 10.5.1 and later, the Service Admin portal needs to be accessible, as that is the only supported way to update cell certificates. In cases where the portal is no longer accessible, try one of the options below:

 

Additional Information