Error: "Couldn't verify client SSL certificate" when replacing VASA Storage Provider certificate from Pure Storage
search cancel

Error: "Couldn't verify client SSL certificate" when replacing VASA Storage Provider certificate from Pure Storage

book

Article ID: 381044

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

  • Renewing Pure Storage VASA storage provider certificate fails with "Couldn't verify the client SSL certificate"
  • Attempting to add the Storage Provider using IP address, or hostname in all upper case fails
  • Pure storage array controllers are named in upper case characters
  • vCenter - /var/log/vmware/sps/sps.log

2024-10-21 12:39:59.254:INFO:[null_E187B_BsC-03A] [bi5X6bkVQxa5PMB3r93ruA] Peer controller CT1 has management address 192.168.12.34
2024-10-21 12:39:59.254:INFO:[null_E187B_BsC-03A] [bi5X6bkVQxa5PMB3r93ruA] Validating client certificate for vCenter with uuid 123456789-xxxx-xxxx-xxxx-xxx and endpoint 192.168.12.34
2024-10-21 12:39:59.254:INFO:[null_E187B_BsC-03A] [bi5X6bkVQxa5PMB3r93ruA] Reading client certificates under nursery key 123456789-xxxx-xxxx-xxxx-xxx 192.168.12.34
2024-10-21 12:39:59.261:INFO:[null_E187B_BsC-03A] [bi5X6bkVQxa5PMB3r93ruA] Profile Summary [setContext] - VASA: 7ms, MIDDLEWARE: 129ms; Free memory: 525MB -> 524MB; Allocated memory: 1000MB -> 1000MB; Max memory: 1000MB
2024-10-21 12:39:59.261:INFO:[null_E187B_BsC-03A] [bi5X6bkVQxa5PMB3r93ruA] Application {http://vasa.purestorage.com/}vasa#{http://com.vmware.vim.vasa/2.0/}setContext has thrown exception, unwinding now: vasa.vim.vmware.com._2_0.StorageFault: Couldnt verify the client SSL certificate

Environment

Pure Storage

Cause

When the hostnames of the Pure Storage array controllers are set to upper case characters, this breaks the storage provider registration process on vCenter as the hostname is passed in lower case format. The mismatch in capitalization throws the error in vCenter as "Couldnt verify the client SSL certificate".

Resolution

To resolve this issue:

  1. Edit the hostnames of the storage controllers to all lower case
  2. Regenerate the certificates on the storage controllers
  3. Re-register the VASA provider

Note: It may be required to engage Pure Storage support to assist with editing the hostnames of the storage controllers and the regeneration of the storage controller certificates.