Workflows show error after upgrading Aria Automation Orchestrator to 8.18.1 "ERROR rehash: warning: skipping duplicate certificate in imported-{SHA256}.pem"
search cancel

Workflows show error after upgrading Aria Automation Orchestrator to 8.18.1 "ERROR rehash: warning: skipping duplicate certificate in imported-{SHA256}.pem"

book

Article ID: 381794

calendar_today

Updated On: 07-16-2025

Products

VMware Aria Suite

Issue/Introduction

Running polyglot scripts might show an error similar to:

 

ERROR rehash: warning: skipping duplicate certificate in imported-{SHA256}.pem

or

 ----- End Run log ------
2024-11-12 09:48:27.243 -05:00infoExit code:0
2024-11-12 09:48:27.543 -05:00errorrehash: warning: skipping duplicate certificate in imported-{SHA256}.pem

 

 

Environment

Aria Automation Orchestrator 8.18.1

Cause

This warning occurs when the Aria Automation Orchestrator attempts to re-import trusted certificates that are already included in the Orchestrator CA trust store.

These duplicate entries are identified during the rehashing process, resulting in the warning message.

 

Resolution

Note: Please make sure you have valid backups or snapshots of the Automation Orchestrator appliance(s).

There are two workarounds available to prevent this warning:

Workaround 1: Remove Trusted Root Certificates

Remove the trusted root certificates that are already present in the Aria Orchestrator CA trust store to avoid duplication.

To do this, first you will want to locate the certificate that was identified in the error. There are 2 ways you can perform this check.

Steps:

  1. From the UI: Navigate to Orchestrator Dashboard>Administration>Inventory>Configuration>Keystore>CA Keystore. From there you can see the list of all the available certificates.
  2. Search through each certificate until you locate the one from the error by viewing and comparing the id listed off to the right of the certificate you have selected.
  3. From CLI: run command vracli vro keystore list. This will output the list of the available certificates where you will search for the same id listed in the error next to Fingerprint:<id excluding the colons>
  4. Once you have identified the proper cert, navigate to Library>Workflows>Delete a trusted certificate workflow
  5. Select run on the workflow and click in the empty line that is off to the right of Trusted Certificate to Delete. This will load the same certificate list identified in step 1. 
  6. Select the identified certificate from step 1 and then run the workflow to delete the certificate. 

Workaround 2: Disable Automatic Import of Trusted Certificates

Disable importing the trusted certificates into Polyglot by setting the com.vmware.o11n.polyglot.import-trusted-certificates system property to false.

Steps:

  1. SSH into the Orchestrator appliance.

  2. Run the following command:

    vracli vro properties set -k com.vmware.o11n.polyglot.import-trusted-certificates -v false
     
  3. It is advised that after setting this value to false and running your workflow, upon completion of the workflow to set the value back to true.